request.getRequestPathMB().toString() may return null when requesting the root URI of a webapp ("http://example.com/ctxPath/") and with any security-constraints in place, even when their url-patterns do not apply. BTW, it's bad style to let toString() return null, throwing an exception like IllegalStateException would be a better way. SEVERE: An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.apache.catalina.realm.RealmBase.findSecurityConstraints(RealmBase.java:502) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:426) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:613)
I can only reproduce this when requesting http://host/contextpath and there are no welcome files an no mappings to / or /* This has been fixed in trunk and proposed for 6.0.x
Even if there is no default servlet or welcome files, there is still supposed to be a redirection to http://host/contextpath/
This has been applied to 6.0.x and will be included in 6.0.21 onwards.