diff --git a/http/form/src/main/java/org/wildfly/security/http/form/FormAuthenticationMechanism.java b/http/form/src/main/java/org/wildfly/security/http/form/FormAuthenticationMechanism.java
index 608e55a62ee..fedf981da90 100644
--- a/http/form/src/main/java/org/wildfly/security/http/form/FormAuthenticationMechanism.java
+++ b/http/form/src/main/java/org/wildfly/security/http/form/FormAuthenticationMechanism.java
@@ -103,7 +103,7 @@ public String getMechanismName() {
     @Override
     public void evaluateRequest(final HttpServerRequest request) throws HttpAuthenticationException {
         // Is current request an authentication attempt?
-        if (POST.equals(request.getRequestMethod()) && isAuthenticationRequest(request.getRequestURI().getPath())) {
+        if (POST.equals(request.getRequestMethod()) && request.getRequestURI() != null && isAuthenticationRequest(request.getRequestURI().getPath())) {
             attemptAuthentication(request);
             return;
         }
@@ -327,7 +327,7 @@ private void sendLogin(HttpServerRequest request, HttpServerResponse response) t
         // Save the current request.
         URI requestURI = request.getRequestURI();
         HttpScope session = getSessionScope(request, true);
-        if (session != null && session.supportsAttachments()) {
+        if (session != null && session.supportsAttachments() && requestURI != null) {
             StringBuilder sb = new StringBuilder();
             String scheme = requestURI.getScheme();
             sb.append(scheme);