TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException

[codeconsole]

TokenBasedRememberMeServices assumes user exists when it could not for various reasons:

1. The user could have been deleted (Most likely)
2. The cookie could be invalid

https://github.com/spring-projects/spring-security/blob/master/web/src/main/java/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.java#L123-L124

There is no check and such an exception is not handled gracefully.
At the very least, it should throw a InvalidCookieException

[eleftherias]

Closed via commit 26ae590