Issue #6554 - DefaultAuthenticatorFactory should not create BasicAuth…

…enticator for null AuthMethod

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java

@@ -62,7 +62,7 @@ public Authenticator getAuthenticator(Server server, ServletContext context, Aut
         String auth = configuration.getAuthMethod();
         Authenticator authenticator = null;
 
-        if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
+        if (Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
             authenticator = new BasicAuthenticator();
         else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
             authenticator = new DigestAuthenticator();

jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java

@@ -293,9 +293,6 @@ protected IdentityService findIdentityService()
         return getServer().getBean(IdentityService.class);
     }
 
-    /**
-     *
-     */
     @Override
     protected void doStart()
         throws Exception
@@ -349,7 +346,7 @@ else if (_loginService.getIdentityService() != _identityService)
                 throw new IllegalStateException("LoginService has different IdentityService to " + this);
         }
 
-        if (_authenticator == null && _identityService != null)
+        if (_authenticator == null)
         {
             // If someone has set an authenticator factory only use that, otherwise try the list of discovered factories.
             if (_authenticatorFactory != null)
@@ -396,7 +393,6 @@ else if (_realmName != null)
     }
 
     @Override
-
     protected void doStop() throws Exception
     {
         //if we discovered the services (rather than had them explicitly configured), remove them.