jetty · lachlan-roberts · Sep 3, 2021 · Sep 2, 2021
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
@@ -58,7 +58,7 @@ public Authenticator getAuthenticator(Server server, ServletContext context, Aut
         String auth = configuration.getAuthMethod();
         Authenticator authenticator = null;
 
-        if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
+        if (Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
             authenticator = new BasicAuthenticator();
         else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
             authenticator = new DigestAuthenticator();

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -312,9 +312,6 @@ protected IdentityService findIdentityService()
         return getServer().getBean(IdentityService.class);
     }
 
-    /**
-     *
-     */
     @Override
     protected void doStart()
         throws Exception
@@ -353,11 +350,8 @@ protected void doStart()
 
             if (_identityService == null)
             {
-                if (_realmName != null)
-                {
-                    setIdentityService(new DefaultIdentityService());
-                    manage(_identityService);
-                }
+                setIdentityService(new DefaultIdentityService());
+                manage(_identityService);
             }
             else
                 unmanage(_identityService);
@@ -371,7 +365,7 @@ else if (_loginService.getIdentityService() != _identityService)
                 throw new IllegalStateException("LoginService has different IdentityService to " + this);
         }
 
-        if (_authenticator == null && _identityService != null)
+        if (_authenticator == null)
         {
             // If someone has set an authenticator factory only use that, otherwise try the list of discovered factories.
             if (_authenticatorFactory != null)
@@ -418,7 +412,6 @@ else if (_realmName != null)
     }
 
     @Override
-
     protected void doStop() throws Exception
     {
         //if we discovered the services (rather than had them explicitly configured), remove them.

diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/DefaultIdentityServiceTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/DefaultIdentityServiceTest.java
@@ -0,0 +1,94 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.security;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.Server;
+import org.junit.jupiter.api.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.instanceOf;
+
+public class DefaultIdentityServiceTest
+{
+    @Test
+    public void testDefaultIdentityService() throws Exception
+    {
+        Server server = new Server();
+        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
+        TestAuthenticator authenticator = new TestAuthenticator();
+        securityHandler.setAuthenticator(authenticator);
+
+        try
+        {
+            server.setHandler(securityHandler);
+            server.start();
+
+            // The DefaultIdentityService should have been created by default.
+            assertThat(securityHandler.getIdentityService(), instanceOf(DefaultIdentityService.class));
+            assertThat(authenticator.getIdentityService(), instanceOf(DefaultIdentityService.class));
+        }
+        finally
+        {
+            server.stop();
+        }
+    }
+
+    public static class TestAuthenticator implements Authenticator
+    {
+        private IdentityService _identityService;
+
+        public IdentityService getIdentityService()
+        {
+            return _identityService;
+        }
+
+        @Override
+        public void setConfiguration(AuthConfiguration configuration)
+        {
+            _identityService = configuration.getIdentityService();
+        }
+
+        @Override
+        public String getAuthMethod()
+        {
+            return getClass().getSimpleName();
+        }
+
+        @Override
+        public void prepareRequest(ServletRequest request)
+        {
+        }
+
+        @Override
+        public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
+        {
+            return null;
+        }
+
+        @Override
+        public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
+        {
+            return false;
+        }
+    }
+}