diff -Naur tomcat5-5.5.27/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java tomcat5-5.5.27.oden/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java --- tomcat5-5.5.27/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java 2008-08-29 05:13:55.000000000 +0200 +++ tomcat5-5.5.27.oden/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java 2009-06-18 19:24:25.000000000 +0200 @@ -270,8 +270,9 @@ */ public Principal authenticate(String username, String credentials) { - // No user - can't possibly authenticate, don't bother the database then - if (username == null) { + // No user or no credentials + // Can't possibly authenticate, don't bother the database then + if (username == null || credentials == null) { return null; } diff -Naur tomcat5-5.5.27/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java tomcat5-5.5.27.oden/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java --- tomcat5-5.5.27/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java 2008-08-29 05:13:55.000000000 +0200 +++ tomcat5-5.5.27.oden/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java 2009-06-18 19:24:25.000000000 +0200 @@ -393,9 +393,10 @@ String username, String credentials) { - // No user - can't possibly authenticate - if (username == null) { - return (null); + // No user or no credentials + // Can't possibly authenticate, don't bother the database then + if (username == null || credentials == null) { + return null; } // Look up the user's credentials diff -Naur tomcat5-5.5.27/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java tomcat5-5.5.27.oden/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java --- tomcat5-5.5.27/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java 2008-08-29 05:13:55.000000000 +0200 +++ tomcat5-5.5.27.oden/apache-tomcat-5.5.27-src/container/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java 2009-06-18 19:24:25.000000000 +0200 @@ -147,7 +147,7 @@ (GenericPrincipal) principals.get(username); boolean validated = false; - if (principal != null) { + if (principal != null && credentials != null) { if (hasMessageDigest()) { // Hex hashes should be compared case-insensitive validated = (digest(credentials)