2 files changed, 22 insertions, 2 deletions

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
index 629b7f5535..ecd571a02d 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
@@ -241,7 +241,7 @@ public abstract class MappedLoginService extends AbstractLifeCycle implements Lo
         if (user==null)
         {
             KnownUser userPrincipal = loadUserInfo(username);
-            if (userPrincipal.authenticate(credentials))
+            if (userPrincipal != null && userPrincipal.authenticate(credentials))
             {
                 //safe to load the roles
                 String[] roles = loadRoleInfo(userPrincipal);
diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
index 2f6acdd355..4d736812aa 100644
--- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
+++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
@@ -160,6 +160,21 @@ public class JdbcLoginServiceTest
              stopClient();
          }
      }
+     
+     @Test
+     public void testGetNonExistantUser () throws Exception
+     {
+         try
+         {
+             startClient("foo", "bar");
+             ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
+             assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());
+         }
+         finally
+         {
+             stopClient();
+         }
+     }
 
      //Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552
      @Ignore
@@ -204,12 +219,17 @@ public class JdbcLoginServiceTest
      protected void startClient()
          throws Exception
      {
+         startClient("jetty", "jetty");
+     }
+     
+     protected void startClient(String user, String pwd) throws Exception
+     {
          _client = new HttpClient();
          QueuedThreadPool executor = new QueuedThreadPool();
          executor.setName(executor.getName() + "-client");
          _client.setExecutor(executor);
          AuthenticationStore authStore = _client.getAuthenticationStore();
-         authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty"));
+         authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, user, pwd));
          _client.start();
      }