diff options
| author | Jan Bartel | 2016-02-02 09:09:48 +0000 |
|---|---|---|
| committer | Jan Bartel | 2016-02-02 09:09:48 +0000 |
| commit | fdf127ee19be409b34d13aae867b90f815ba0e68 (patch) | |
| tree | cf44bec2e5de67e5dd161d5b7c93cd5a7d7ea8eb | |
| parent | 56c0bc768ca577ea6a110ffd423d3152ebe50201 (diff) | |
| download | org.eclipse.jetty.project-fdf127ee19be409b34d13aae867b90f815ba0e68.tar.gz org.eclipse.jetty.project-fdf127ee19be409b34d13aae867b90f815ba0e68.tar.xz org.eclipse.jetty.project-fdf127ee19be409b34d13aae867b90f815ba0e68.zip | |
486497 NPE in MappedLoginService
| -rw-r--r-- | jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java | 2 | ||||
| -rw-r--r-- | tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java | 26 |
2 files changed, 25 insertions, 3 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java index 84deed8609..2ac6781a79 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java @@ -166,7 +166,7 @@ public abstract class AbstractLoginService extends AbstractLifeCycle implements return null; UserPrincipal userPrincipal = loadUserInfo(username); - if (userPrincipal.authenticate(credentials)) + if (userPrincipal != null && userPrincipal.authenticate(credentials)) { //safe to load the roles String[] roles = loadRoleInfo(userPrincipal); diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java index 2f6acdd355..3670d1137d 100644 --- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java +++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java @@ -161,6 +161,21 @@ public class JdbcLoginServiceTest } } + public void testGetWithNonExistantUser() throws Exception + { + try + { + startClient("foo", "bar"); + + ContentResponse response = _client.GET(_baseUri.resolve("input.txt")); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus()); + } + finally + { + stopClient(); + } + } + //Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552 @Ignore public void testHead() throws Exception @@ -201,7 +216,7 @@ public class JdbcLoginServiceTest } } - protected void startClient() + protected void startClient(String username, String pwd) throws Exception { _client = new HttpClient(); @@ -209,10 +224,17 @@ public class JdbcLoginServiceTest executor.setName(executor.getName() + "-client"); _client.setExecutor(executor); AuthenticationStore authStore = _client.getAuthenticationStore(); - authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty")); + authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, username, pwd)); _client.start(); } + protected void startClient() + throws Exception + { + startClient("jetty", "jetty"); + } + + protected void stopClient() throws Exception { |