3 files changed, 39 insertions, 15 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java index 84deed8609..2ac6781a79 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java @@ -166,7 +166,7 @@ public abstract class AbstractLoginService extends AbstractLifeCycle implements return null; UserPrincipal userPrincipal = loadUserInfo(username); - if (userPrincipal.authenticate(credentials)) + if (userPrincipal != null && userPrincipal.authenticate(credentials)) { //safe to load the roles String[] roles = loadRoleInfo(userPrincipal); diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java index 2f6acdd355..3670d1137d 100644 --- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java +++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java @@ -161,6 +161,21 @@ public class JdbcLoginServiceTest } } + public void testGetWithNonExistantUser() throws Exception + { + try + { + startClient("foo", "bar"); + + ContentResponse response = _client.GET(_baseUri.resolve("input.txt")); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus()); + } + finally + { + stopClient(); + } + } + //Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552 @Ignore public void testHead() throws Exception @@ -201,7 +216,7 @@ public class JdbcLoginServiceTest } } - protected void startClient() + protected void startClient(String username, String pwd) throws Exception { _client = new HttpClient(); 
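Review bot: The new guard `userPrincipal != null && userPrincipal.authenticate(credentials)` in login() depends on loadUserInfo() returning null for an unknown user, but nothing on the visible lines states that contract for implementers of the method. A comment above the condition such as `// loadUserInfo() returns null for an unknown user: fail the login without loading roles` would record it. The unknown-user path also returns without running authenticate(), so it may complete faster than a wrong-password attempt; whether that difference is observable depends on the credential implementation, which is not shown here. The rest of login() lies outside the hunk, so the failure return and any logging of the rejected attempt could not be checked.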
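Review bot: The added testGetWithNonExistantUser has no `@Test` annotation on the lines shown, while the neighbouring testHead is marked `@Ignore`, which suggests the class uses JUnit 4 annotations. If so, the runner will skip this method and the null-principal fix in AbstractLoginService stays unexercised. Adding `@Test` directly above `public void testGetWithNonExistantUser() throws Exception` would make it run, unless the class relies on name-based discovery, which is not visible in the hunk. The name would also read better as `testGetWithNonExistentUser`.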
@@ -209,10 +224,17 @@ public class JdbcLoginServiceTest executor.setName(executor.getName() + "-client"); _client.setExecutor(executor); AuthenticationStore authStore = _client.getAuthenticationStore(); - authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty")); + authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, username, pwd)); _client.start(); } + protected void startClient() + throws Exception + { + startClient("jetty", "jetty"); + } + + protected void stopClient() throws Exception { diff --git a/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml b/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml index fc42f03a8f..4a978e9fa7 100644 --- a/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml +++ b/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml @@ -109,18 +109,20 @@ detected. --> <!-- Add context specific logger - <Set name="handler"> - <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler"> - <Set name="requestLog"> - <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog"> - <Set name="filename"><Property name="jetty.logs" default="./logs"/>/test-yyyy_mm_dd.request.log</Set> - <Set name="filenameDateFormat">yyyy_MM_dd</Set> - <Set name="append">true</Set> - <Set name="LogTimeZone">GMT</Set> - </New> - </Set> - </New> - </Set> + <Call name="insertHandler"> + <Arg> + <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler"> + <Set name="requestLog"> + <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog"> + <Set name="filename"><Property name="jetty.logs" default="./logs"/>/test-yyyy_mm_dd.request.log</Set> + <Set name="filenameDateFormat">yyyy_MM_dd</Set> + <Set name="append">true</Set> + <Set name="LogTimeZone">GMT</Set> + </New> + </Set> + </New> + </Arg> + </Call> --> </Configure> |