avoid NPE when user is null

bubble-server/src/main/java/bubble/filters/BubbleRateLimitFilter.java

@@ -34,8 +34,8 @@ public class BubbleRateLimitFilter extends RateLimitFilter {
     // super-admins have unlimited API usage. helpful when populating models
     @Override protected boolean allowUnlimitedUse(Principal user, ContainerRequestContext request) {
         try {
-            final boolean allowUnlimited = ((Account) user).admin() || request.getUriInfo().getPath().startsWith(getFilterPrefix());
-            if (log.isTraceEnabled()) log.trace("allowUnlimitedUse: allowUnlimited="+allowUnlimited+", admin="+((Account) user).admin()+", path="+request.getUriInfo().getPath()+", filterPrefix="+getFilterPrefix());
+            final boolean allowUnlimited = (user != null && ((Account) user).admin()) || request.getUriInfo().getPath().startsWith(getFilterPrefix());
+            if (log.isTraceEnabled()) log.trace("allowUnlimitedUse: allowUnlimited="+allowUnlimited+", admin="+(user == null ? "null" : ""+((Account) user).admin())+", path="+request.getUriInfo().getPath()+", filterPrefix="+getFilterPrefix());
             return allowUnlimited;
         } catch (Exception e) {
             log.warn("allowUnlimitedUse: "+shortError(e));