I was testing grizzy when I ran into a null pointer exception while parsing credentials.
Here's the fix: Index: SecurityUtils.java =================================================================== --- SecurityUtils.java (revision 2136) +++ SecurityUtils.java (working copy) @@ -292,8 +292,12 @@ if (result.getScheme().equals(ChallengeScheme.HTTP_BASIC)) { try { - credentials = new String(Base64.decode(result - .getCredentials()), "US-ASCII"); + byte [] credentialsEncoded = Base64.decode(result.getCredentials()); + if (credentialsEncoded==null) { + logger.warning("Cannot decode credentials: "+result.getCredentials()); + return null; + } + credentials = new String(credentialsEncoded, "US-ASCII"); int separator = credentials.indexOf(':'); Unfortunately, this error is cause by the authorization header being mangled somehow in the grizzly connector. I haven't located the problem yet. BTW, there are some System.out and System.err uses in Base64.java that would be better served as either an exception or being set to a Logger instance. --Alex Milowski