At the moment when AAA tried to look up a user from username supplied but failed (might be cause the user record has been removed from app database) it throws out NPE.
The expected behavior is to clear current session and throw out 401 Unauthorized or 302 redirect (to login URL) based app's configuration.
At the moment when AAA tried to look up a user from username supplied but failed (might be cause the user record has been removed from app database) it throws out NPE.
The expected behavior is to clear current session and throw out 401 Unauthorized or 302 redirect (to login URL) based app's configuration.