diff options
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java')
-rw-r--r-- | jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java index 84deed8609..2ac6781a79 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java @@ -166,7 +166,7 @@ public abstract class AbstractLoginService extends AbstractLifeCycle implements return null; UserPrincipal userPrincipal = loadUserInfo(username); - if (userPrincipal.authenticate(credentials)) + if (userPrincipal != null && userPrincipal.authenticate(credentials)) { //safe to load the roles String[] roles = loadRoleInfo(userPrincipal); |