I was wrong in saying we have access control information defined in the JCR repository. The ACL information resides in DB; we are able to use ItemFilter's -> isFilteredNodeType(Item item) method to filter out nodes as per user
the access control functionality should be enforced in the repository and not in the webdav-layer on top of the repository. please make sure, you have the access control funcitionality in the repository reading/evaluation the information from your DB. what you try to do, looks like an ugly hack to me. angela
