Hi,

As reported here:

http://jira.codehaus.org/browse/GRAILSPLUGINS-869

BasicHttpAuthenticationFilter throws an exception if the username or password are not provided. The problem stems from the filter returning null from its createToken() method, whereas AuthenticatingFilter throws an IllegalStateException if the token is null.

The reason I'm raising this on the list is because I'm not sure whether BasicHttpAuthenticationFilter should always produce a valid authentication token (I have a local fix that takes this approach) or AuthenticatingFilter should handle a null token gracefully (by denying access).

If people agree that the first approach is better, then I'll commit my fix.

Cheers,

Peter
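
The two options raised in the message above, sketched side by side as an added example; this is not the library's code or the fix mentioned in the message. The class `NullTokenDemo`, the `Token` record, the method bodies and the alice / s3cret credential are all assumptions made for illustration (Java 16+ for the record syntax).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Simplified stand-ins for the two filters in the message; not the library's source.
public class NullTokenDemo {
    record Token(String username, String password) {}

    static final Token EMPTY = new Token("", "");

    // Option 1: token creation never returns null. A missing, non-Basic or
    // undecodable Authorization header yields an empty token that cannot match.
    static Token createToken(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return EMPTY;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            return colon < 0 ? new Token(decoded, "")
                             : new Token(decoded.substring(0, colon), decoded.substring(colon + 1));
        } catch (IllegalArgumentException badBase64) {
            return EMPTY;
        }
    }

    // Option 2: the caller treats a null token as a failed login (deny)
    // instead of throwing IllegalStateException.
    static boolean executeLogin(Token token) {
        return token != null && authenticate(token);
    }

    // Constructed demo credential store: one user, alice / s3cret.
    static boolean authenticate(Token t) {
        boolean userOk = MessageDigest.isEqual(bytes(t.username()), bytes("alice"));
        boolean passOk = MessageDigest.isEqual(bytes(t.password()), bytes("s3cret"));
        return userOk & passOk;
    }

    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    public static void main(String[] args) {
        String ok = "Basic " + Base64.getEncoder().encodeToString(bytes("alice:s3cret"));
        // Constructed sample headers: valid, absent, wrong scheme, bad base64, no password.
        String[] headers = { ok, null, "Bearer abc", "Basic !!!", "Basic YWxpY2U=" };
        for (String h : headers) {
            System.out.println(h + " -> " + (executeLogin(createToken(h)) ? "allow" : "deny"));
        }
        System.out.println("null token -> " + (executeLogin(null) ? "allow" : "deny"));
    }
}
```

Either option alone turns the missing-credentials case into a denied request rather than an exception; applying both keeps the deny-by-default behaviour even if another filter subclass returns null.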
