371162 NPE protection for nested security handlers

author: Greg Wilkins 2012-02-10 00:58:19 +0000
committer: Greg Wilkins 2012-02-10 00:58:19 +0000
commit: a4a5e56aeb9819990d16b883f07dadc5e2199217 (patch)
tree: d75cf090b70b15439b81148bbf76194a8445482f /jetty-security/src
parent: b949fb762273d7a6e23a8e7eb9dcf7f4b2bb99e7 (diff)
download: org.eclipse.jetty.project-a4a5e56aeb9819990d16b883f07dadc5e2199217.tar.gz
org.eclipse.jetty.project-a4a5e56aeb9819990d16b883f07dadc5e2199217.tar.xz
org.eclipse.jetty.project-a4a5e56aeb9819990d16b883f07dadc5e2199217.zip
1 files changed, 10 insertions, 7 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index f6af097880..d6f69bbb91 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -503,15 +503,18 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
                         previousIdentity = deferred.getPreviousAssociation();
                         deferred.setIdentityService(null);
                     }
-                   
-                    Authentication auth=baseRequest.getAuthentication();
-                    if (auth instanceof Authentication.User)
+
+                    if (authenticator!=null)
                     {
-                        Authentication.User userAuth = (Authentication.User)auth;
-                        authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
+                        Authentication auth=baseRequest.getAuthentication();
+                        if (auth instanceof Authentication.User)
+                        {
+                            Authentication.User userAuth = (Authentication.User)auth;
+                            authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
+                        }
+                        else
+                            authenticator.secureResponse(request, response, isAuthMandatory, null);
                     }
-                    else
-                        authenticator.secureResponse(request, response, isAuthMandatory, null);
                 }
                 else
                 {
author	Greg Wilkins	2012-02-10 00:58:19 +0000
committer	Greg Wilkins	2012-02-10 00:58:19 +0000
commit	a4a5e56aeb9819990d16b883f07dadc5e2199217 (patch)
tree	d75cf090b70b15439b81148bbf76194a8445482f /jetty-security/src
parent	b949fb762273d7a6e23a8e7eb9dcf7f4b2bb99e7 (diff)
download	org.eclipse.jetty.project-a4a5e56aeb9819990d16b883f07dadc5e2199217.tar.gz org.eclipse.jetty.project-a4a5e56aeb9819990d16b883f07dadc5e2199217.tar.xz org.eclipse.jetty.project-a4a5e56aeb9819990d16b883f07dadc5e2199217.zip