diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
index 84deed86097..2ac6781a79e 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -166,7 +166,7 @@ public abstract class AbstractLoginService extends AbstractLifeCycle implements
 return null;

 UserPrincipal userPrincipal = loadUserInfo(username);
- if (userPrincipal.authenticate(credentials))
+ if (userPrincipal != null && userPrincipal.authenticate(credentials))
 {
 //safe to load the roles
 String[] roles = loadRoleInfo(userPrincipal);
diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
index 2f6acdd3556..3670d1137d4 100644
--- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
+++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
@@ -161,6 +161,21 @@ public class JdbcLoginServiceTest
 }
 }

+ public void testGetWithNonExistantUser() throws Exception
+ {
+ try
+ {
+ startClient("foo", "bar");
+
+ ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
+ assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());
+ }
+ finally
+ {
+ stopClient();
+ }
+ }
+
 //Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552
 @Ignore
 public void testHead() throws Exception
@@ -201,7 +216,7 @@ public class JdbcLoginServiceTest
 }
 }

- protected void startClient()
+ protected void startClient(String username, String pwd)
 throws Exception
 {
 _client = new HttpClient();
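Review bot: The new null check in `login` depends on `loadUserInfo` returning null for an unknown username, but nothing visible in the hunk states that contract. A comment above the condition, such as `// loadUserInfo returns null for an unknown user; handle it as a failed login, not an exception`, would keep a later refactor from reintroducing the dereference. The removed line called `authenticate` on the result unconditionally, so an unknown user presumably surfaced as a NullPointerException rather than a clean authentication failure. With the guard, the unknown-user path skips the credential comparison entirely, so its timing may differ from a wrong-password attempt; whether that matters depends on the concrete login service and deserves a sentence in the method's Javadoc. The body of `login` starts and ends outside this hunk, so the fall-through return value is assumed to be null.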
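Review bot: `testGetWithNonExistantUser` is added without a `@Test` annotation, so the regression test for the null-user fix will never execute if this class is run by JUnit 4, as the `@Ignore` on `testHead` just below suggests. Add `@Test` on the line above `public void testGetWithNonExistantUser() throws Exception`. The name also misspells "NonExistent". Now that `startClient(String, String)` exists, a companion case with a valid username and a wrong password would pin that both failure modes return `SC_UNAUTHORIZED`; such a case may already exist outside this hunk.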
@@ -209,10 +224,17 @@ public class JdbcLoginServiceTest
 executor.setName(executor.getName() + "-client");
 _client.setExecutor(executor);
 AuthenticationStore authStore = _client.getAuthenticationStore();
- authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty"));
+ authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, username, pwd));
 _client.start();
 }

+ protected void startClient()
+ throws Exception
+ {
+ startClient("jetty", "jetty");
+ }
+
+
 protected void stopClient()
 throws Exception
 {
diff --git a/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml b/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml
index fc42f03a8f1..4a978e9fa79 100644
--- a/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml
+++ b/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml
@@ -109,18 +109,20 @@ detected. -->