This issues is a cornerstone case. The consequences are, hoewever , quit severe and unexpected. User is not able to log in, and it seems - from the CMS user perspective - as if the CMS has been crashed.
The particular circumstances happen at a big cumstomer of us, which has a shared repository with several departements. The departments shared the same content model, but some departements do not use the taxonomy in their documents.
The issue about how the taxonomy plugin deals with the particular circumstance (error handling) . The plugin fails with a NullPointerException. This results in "blank" screen - servlet error. The exception should not be thrown and the program should handle the error gracefully.
Create an editor linked to a security domain which does not has access to the taxonomytree.
Log in as the editor
Create a document using taxonomy
Leave the document open en log out - the document is still in draft
Now log in
CMS is not available, servlet error.
In the CMS log you can find a NullPointerException throws by the Taxonomy plugin
Log in, the editor should encounter the document in the same state.
Throw away the cookie and log in again as admin
The editor has rights for the document, and is able to save and publish the document.
Only if the user logs out and logs in, with the document in draft state, the error occurs.
The plugin is loaded as the document is open, but during the loading it has a conflict with the security model.