Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Bartel2016-02-01 11:42:01 -0500
committerJan Bartel2016-02-01 11:42:56 -0500
commitd8c33e8dca4953b4cf42a327cd99efdcf60ca15b (patch)
tree6e5f35e385d430a68d80db8552f34ae57625836d
parent7ec6e2e899c5c9fa2aa136cb321892682fcba5dd (diff)
downloadorg.eclipse.jetty.project-d8c33e8dca4953b4cf42a327cd99efdcf60ca15b.tar.gz
org.eclipse.jetty.project-d8c33e8dca4953b4cf42a327cd99efdcf60ca15b.tar.xz
org.eclipse.jetty.project-d8c33e8dca4953b4cf42a327cd99efdcf60ca15b.zip
486497 NPE in MappedLoginService
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java2
-rw-r--r--tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java22
2 files changed, 22 insertions, 2 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
index 629b7f5535..ecd571a02d 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
@@ -241,7 +241,7 @@ public abstract class MappedLoginService extends AbstractLifeCycle implements Lo
if (user==null)
{
KnownUser userPrincipal = loadUserInfo(username);
- if (userPrincipal.authenticate(credentials))
+ if (userPrincipal != null && userPrincipal.authenticate(credentials))
{
//safe to load the roles
String[] roles = loadRoleInfo(userPrincipal);
diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
index 2f6acdd355..4d736812aa 100644
--- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
+++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
@@ -160,6 +160,21 @@ public class JdbcLoginServiceTest
stopClient();
}
}
+
+ @Test
+ public void testGetNonExistantUser () throws Exception
+ {
+ try
+ {
+ startClient("foo", "bar");
+ ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
+ assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());
+ }
+ finally
+ {
+ stopClient();
+ }
+ }
//Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552
@Ignore
@@ -204,12 +219,17 @@ public class JdbcLoginServiceTest
protected void startClient()
throws Exception
{
+ startClient("jetty", "jetty");
+ }
+
+ protected void startClient(String user, String pwd) throws Exception
+ {
_client = new HttpClient();
QueuedThreadPool executor = new QueuedThreadPool();
executor.setName(executor.getName() + "-client");
_client.setExecutor(executor);
AuthenticationStore authStore = _client.getAuthenticationStore();
- authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty"));
+ authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, user, pwd));
_client.start();
}

Back to the top