SEC-474: Gracefully abort if username and password non-retrievable.

core/src/main/java/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java

@@ -286,6 +286,11 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial
             password = successfulAuthentication.getCredentials().toString();
         }
         
+        // If unable to find a username and password, just abort as TokenBasedRememberMeServices unable to construct a valid token in this case
+        if (!StringUtils.hasLength(username) || !StringUtils.hasLength(password)) {
+        	return;
+        }
+
         Assert.hasLength(username);
         Assert.hasLength(password);