From fdf127ee19be409b34d13aae867b90f815ba0e68 Mon Sep 17 00:00:00 2001
From: Jan Bartel <janb@webtide.com>
Date: Tue, 2 Feb 2016 10:09:48 +0100
Subject: [PATCH 1/2] 486497  NPE in MappedLoginService

---
 .../jetty/security/AbstractLoginService.java  |  2 +-
 .../eclipse/jetty/JdbcLoginServiceTest.java   | 26 +++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
index 84deed86097..2ac6781a79e 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -166,7 +166,7 @@ public abstract class AbstractLoginService extends AbstractLifeCycle implements
             return null;
 
         UserPrincipal userPrincipal = loadUserInfo(username);
-        if (userPrincipal.authenticate(credentials))
+        if (userPrincipal != null && userPrincipal.authenticate(credentials))
         {
             //safe to load the roles
             String[] roles = loadRoleInfo(userPrincipal);
diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
index 2f6acdd3556..3670d1137d4 100644
--- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
+++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
@@ -161,6 +161,21 @@ public class JdbcLoginServiceTest
          }
      }
 
+     public void testGetWithNonExistantUser() throws Exception
+     {
+         try
+         {
+             startClient("foo", "bar");
+
+             ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
+             assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());
+         }
+         finally
+         {
+             stopClient();
+         }
+     }
+
      //Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552
      @Ignore
      public void testHead() throws Exception
@@ -201,7 +216,7 @@ public class JdbcLoginServiceTest
          }
      }
 
-     protected void startClient()
+     protected void startClient(String username, String pwd)
          throws Exception
      {
          _client = new HttpClient();
@@ -209,10 +224,17 @@ public class JdbcLoginServiceTest
          executor.setName(executor.getName() + "-client");
          _client.setExecutor(executor);
          AuthenticationStore authStore = _client.getAuthenticationStore();
-         authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty"));
+         authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, username, pwd));
          _client.start();
      }
 
+     protected void startClient()
+         throws Exception
+     {
+         startClient("jetty", "jetty");
+     }
+
+
      protected void stopClient()
          throws Exception
      {

From 0f19eda53d9d91902bc5719a8c2c38cb45529ed5 Mon Sep 17 00:00:00 2001
From: Jan Bartel <janb@webtide.com>
Date: Tue, 2 Feb 2016 15:04:22 +0100
Subject: [PATCH 2/2] 486530 Handler added to WebAppContext prevents
 ServletContext initialization

---
 .../main/config/demo-base/webapps/test.xml    | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml b/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml
index fc42f03a8f1..4a978e9fa79 100644
--- a/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml
+++ b/tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/webapps/test.xml
@@ -109,18 +109,20 @@ detected.
   -->
 
   <!-- Add context specific logger
-  <Set name="handler">
-    <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler">
-      <Set name="requestLog">
-	<New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-	  <Set name="filename"><Property name="jetty.logs" default="./logs"/>/test-yyyy_mm_dd.request.log</Set>
-	  <Set name="filenameDateFormat">yyyy_MM_dd</Set>
-	  <Set name="append">true</Set>
-	  <Set name="LogTimeZone">GMT</Set>
-	</New>
-      </Set>
-    </New>
-  </Set>
+  <Call name="insertHandler">
+    <Arg>
+      <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler">
+        <Set name="requestLog">
+          <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
+            <Set name="filename"><Property name="jetty.logs" default="./logs"/>/test-yyyy_mm_dd.request.log</Set>
+            <Set name="filenameDateFormat">yyyy_MM_dd</Set>
+            <Set name="append">true</Set>
+            <Set name="LogTimeZone">GMT</Set>
+          </New>
+        </Set>
+      </New>
+    </Arg>
+  </Call>
   -->
 
 </Configure>