diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultLoginService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultLoginService.java
index 126c2903..ee3cc478 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultLoginService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultLoginService.java
@@ -205,7 +205,7 @@ public class DefaultLoginService
         SecuritySession securitySession = httpAuthenticator.getSecuritySession( httpServletRequest.getSession( true ) );
         Boolean isLogged = securitySession != null;
         log.debug( "isLogged {}", isLogged );
-        return isLogged ? buildRestUser( securitySession.getUser() ) : null;
+        return isLogged && securitySession.getUser() != null ? buildRestUser( securitySession.getUser() ) : null;
     }
 
     public Boolean logout()