diff --git a/core/pom.xml b/core/pom.xml
index ebea16ca4d880f699f8ee336d113281b2be2c673..ad177499f0f67ae24a7e186eb0867f4cddf6e08e 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -231,7 +231,7 @@
     <dependency>
       <groupId>org.kohsuke.stapler</groupId>
       <artifactId>stapler</artifactId>
-      <version>1.89</version>
+      <version>1.90</version>
     </dependency>
     <dependency>
       <groupId>org.jvnet.localizer</groupId>
diff --git a/core/src/main/java/hudson/tasks/BuildTrigger.java b/core/src/main/java/hudson/tasks/BuildTrigger.java
index e178a1a6795f8c7064c1b250c19a02571cfa693e..f5291816b876e90f5bd503faac575d85e7ea7212 100644
--- a/core/src/main/java/hudson/tasks/BuildTrigger.java
+++ b/core/src/main/java/hudson/tasks/BuildTrigger.java
@@ -274,7 +274,7 @@ public class BuildTrigger extends Publisher implements DependecyDeclarer, Matrix
          */
         public void doCheck( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
             // Require CONFIGURE permission on this project
-            AccessControlled anc = (AccessControlled) req.findAncestor(AccessControlled.class).getObject();
+            AccessControlled anc = req.findAncestorObject(AccessControlled.class);
             new FormFieldValidator(req,rsp,anc,Item.CONFIGURE) {
                 protected void check() throws IOException, ServletException {
                     String list = request.getParameter("value");
diff --git a/core/src/main/java/hudson/tasks/test/AggregatedTestResultPublisher.java b/core/src/main/java/hudson/tasks/test/AggregatedTestResultPublisher.java
index 1ab00108c45630951a2f3f3a784b9eeda23220d0..764bc7dd6b1740eb5771555269cd994316cb7aa0 100644
--- a/core/src/main/java/hudson/tasks/test/AggregatedTestResultPublisher.java
+++ b/core/src/main/java/hudson/tasks/test/AggregatedTestResultPublisher.java
@@ -228,7 +228,7 @@ public class AggregatedTestResultPublisher extends Publisher {
 
         public void doCheck(StaplerRequest req, StaplerResponse rsp, @QueryParameter final String value) throws IOException, ServletException {
             // Require CONFIGURE permission on this project
-            AbstractProject project = (AbstractProject) req.findAncestor(AbstractProject.class).getObject();
+            AbstractProject project = req.findAncestorObject(AbstractProject.class);
 
             new FormFieldValidator(req,rsp,project,Item.CONFIGURE) {
                 protected void check() throws IOException, ServletException {
diff --git a/core/src/main/java/hudson/util/FormFieldValidator.java b/core/src/main/java/hudson/util/FormFieldValidator.java
index 0792f5d11b64d4ed62ccbbfaab0edd0f9bbf55ae..1af1b7f4756e0b17f31e3a71b1c934d7ac74bf1e 100644
--- a/core/src/main/java/hudson/util/FormFieldValidator.java
+++ b/core/src/main/java/hudson/util/FormFieldValidator.java
@@ -7,7 +7,6 @@ import hudson.Util;
 import hudson.model.AbstractProject;
 import hudson.model.Hudson;
 import hudson.model.Item;
-import hudson.model.Job;
 import hudson.security.Permission;
 import hudson.security.AccessControlled;
 
@@ -77,6 +76,8 @@ public abstract class FormFieldValidator {
     public final void process() throws IOException, ServletException {
         if(permission!=null)
             try {
+                if(subject==null)
+                    throw new AccessDeniedException("No subject");
                 subject.checkPermission(permission);
             } catch (AccessDeniedException e) {
                 // if the user has hudson-wisde admin permission, all checks are allowed
@@ -283,7 +284,7 @@ public abstract class FormFieldValidator {
 
         public WorkspaceFileMask(StaplerRequest request, StaplerResponse response, boolean errorIfNotExist) {
             // Require CONFIGURE permission on the job
-            super(request, response, (AbstractProject) request.findAncestor(AbstractProject.class).getObject(), Item.CONFIGURE);
+            super(request, response, request.findAncestorObject(AbstractProject.class), Item.CONFIGURE);
             this.errorIfNotExist = errorIfNotExist;
         }
 
@@ -346,7 +347,7 @@ public abstract class FormFieldValidator {
 
         public WorkspaceFilePath(StaplerRequest request, StaplerResponse response, boolean errorIfNotExist, boolean expectingFile) {
             // Require CONFIGURE permission on this job
-            super(request, response, (AbstractProject) request.findAncestor(AbstractProject.class).getObject(), Item.CONFIGURE);
+            super(request, response, request.findAncestorObject(AbstractProject.class), Item.CONFIGURE);
             this.errorIfNotExist = errorIfNotExist;
             this.expectingFile = expectingFile;
         }
diff --git a/test/pom.xml b/test/pom.xml
index c74a73dd0a70e7848bcc847f27f3adea7f6d6ef0..b5ee747a26005f2f09e85eccf7cca97792fd0e54 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -72,7 +72,7 @@
     <dependency>
       <groupId>org.jvnet.hudson</groupId>
       <artifactId>htmlunit</artifactId>
-      <version>2.2-hudson-5</version>
+      <version>2.2-hudson-7</version>
     </dependency>
     <dependency>
       <!-- for testing JNLP launch. -->
diff --git a/test/src/test/java/hudson/util/FormFieldValidatorTest.java b/test/src/test/java/hudson/util/FormFieldValidatorTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..513792fee0f91668d735c5f3313c7b9bdeb9048b
--- /dev/null
+++ b/test/src/test/java/hudson/util/FormFieldValidatorTest.java
@@ -0,0 +1,18 @@
+package hudson.util;
+
+import org.jvnet.hudson.test.HudsonTestCase;
+import org.jvnet.hudson.test.Bug;
+import org.jvnet.hudson.test.recipes.WithPlugin;
+import hudson.model.FreeStyleProject;
+
+/**
+ * @author Kohsuke Kawaguchi
+ */
+public class FormFieldValidatorTest extends HudsonTestCase {
+    @Bug(2771)
+    @WithPlugin("tasks.hpi")
+    public void test2771() throws Exception {
+        FreeStyleProject p = createFreeStyleProject();
+        new WebClient().getPage(p,"configure");
+    }
+}