jsp实现登陆，字符串问题

本人想实现登陆功能，并检验用户密码是否正确。用户名和密码都为数字或字母时可以登陆，但当用户名为数字和字母的组合，密码为数字时，报空指针异常，相关代码如下
（这是一个论坛的登陆，登陆成功后跳转到消息界面）

表单代码

 <form action ="loginCheck.jsp" method ="post">
  
  <table >
  <tr>
  <td>用户名</td>
  <td><input type = "text" name = "username" /></td>
  
  </tr>
   <tr>
  <td>密&nbsp码&nbsp</td>
  <td> <input type = "password" name = "password" /></td>
  
  
  </table>
  
  <input type = "submit" value = "登陆"/>
   <a href = "register.jsp">  <input type = "button" value = "注册"/>  </a>
  
  
  
  </form>

JSP代码

  <%
    String username = (String)request.getParameter("username");
    String password = (String)request.getParameter("password");

    User user = DAOFactory.getUserDAOInstance().findByName(username);

    try{
   if(password.equals(user.getPassword())){
    out.print("success");
    session.setAttribute("username", username);
    response.sendRedirect("forum.jsp");
    }else{
    out.print("error");
    out.print(user.getPassword());//测试使用
    }   
    }catch(Exception e){
    e.printStackTrace();
    }
 
     %>

1. 贴上报错信息

java.lang.NullPointerException
    at org.apache.jsp.loginCheck_jsp._jspService(loginCheck_jsp.java:105)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2522)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2511)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)