Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java2
-rw-r--r--tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java26
2 files changed, 25 insertions, 3 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
index 84deed8609..2ac6781a79 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -166,7 +166,7 @@ public abstract class AbstractLoginService extends AbstractLifeCycle implements
return null;
UserPrincipal userPrincipal = loadUserInfo(username);
- if (userPrincipal.authenticate(credentials))
+ if (userPrincipal != null && userPrincipal.authenticate(credentials))
{
//safe to load the roles
String[] roles = loadRoleInfo(userPrincipal);
diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
index 2f6acdd355..3670d1137d 100644
--- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
+++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
@@ -161,6 +161,21 @@ public class JdbcLoginServiceTest
}
}
+ public void testGetWithNonExistantUser() throws Exception
+ {
+ try
+ {
+ startClient("foo", "bar");
+
+ ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
+ assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());
+ }
+ finally
+ {
+ stopClient();
+ }
+ }
+
//Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552
@Ignore
public void testHead() throws Exception
@@ -201,7 +216,7 @@ public class JdbcLoginServiceTest
}
}
- protected void startClient()
+ protected void startClient(String username, String pwd)
throws Exception
{
_client = new HttpClient();
@@ -209,10 +224,17 @@ public class JdbcLoginServiceTest
executor.setName(executor.getName() + "-client");
_client.setExecutor(executor);
AuthenticationStore authStore = _client.getAuthenticationStore();
- authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty"));
+ authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, username, pwd));
_client.start();
}
+ protected void startClient()
+ throws Exception
+ {
+ startClient("jetty", "jetty");
+ }
+
+
protected void stopClient()
throws Exception
{

Back to the top