Merge remote-tracking branch 'origin/master' into jetty-9.1

2 files changed, 6 insertions, 0 deletions

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
index 41648d6a6c..37c72c37dd 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
@@ -212,6 +212,9 @@ public abstract class MappedLoginService extends AbstractLifeCycle implements Lo
      */
     public UserIdentity login(String username, Object credentials)
     {
+        if (username == null)
+            return null;
+        
         UserIdentity user = _users.get(username);
 
         if (user==null)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
index 1dedf0fb2c..ebdda3244b 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
@@ -117,6 +117,9 @@ public class DeferredAuthentication implements Authentication.Deferred
     @Override
     public Authentication login(String username, Object password, ServletRequest request)
     {
+        if (username == null)
+            return null;
+        
         UserIdentity identity = _authenticator.login(username, password, request);
         if (identity != null)
         {