while running benchmarks for
OAK-4119 on the lastest trunk version i noticed that the DefaultAuthorizableActionProvider always looks up the configured action classes despite the fact that the set is fix and known to the implementation.
this only became apparent in the benchmarks due to the introduction of
OAK-4003, which has not yet been introduced during the initial benchmark runs (both for 1.4 and 1.6-SNAPSHOT).
anyway: this could be simplified a lot and while doing so, i noticed that the DefaultAuthorizableActionProvider doesn't come with dedicated unit tests.