diff --git a/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java b/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java
index 87cb5cc56e..3d332f1cee 100644
--- a/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java
+++ b/core/src/main/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.java
@@ -64,7 +64,7 @@ public AuthenticationInfo beforeAllAttempts(Collection<? extends Realm> realms,
      * otherwise.
      */
     public AuthenticationInfo beforeAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
-        if (getStopAfterFirstSuccess() && aggregate != null && isEmpty(aggregate.getPrincipals())) {
+        if (getStopAfterFirstSuccess() && aggregate != null && !isEmpty(aggregate.getPrincipals())) {
             throw new ShortCircuitIterationException();
         }
         return aggregate;
diff --git a/core/src/test/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategyTest.java b/core/src/test/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategyTest.java
index 68fe39512e..5f0656602b 100644
--- a/core/src/test/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategyTest.java
+++ b/core/src/test/java/org/apache/shiro/authc/pam/FirstSuccessfulStrategyTest.java
@@ -98,10 +98,22 @@ public void testBeforeAttemptNull() {
         assertNull(strategy.beforeAttempt(null, null, null));
     }
 
+    @Test
+    public void testBeforeAttemptEmptyPrincipal() {
+        AuthenticationInfo aggregate = new SimpleAuthenticationInfo();
+        assertEquals(strategy.beforeAttempt(null, null, aggregate), aggregate);
+    }
+
+    @Test
+    public void testBeforeAttemptEmptyList() {
+        SimplePrincipalCollection principalCollection = new SimplePrincipalCollection();
+        AuthenticationInfo aggregate = new SimpleAuthenticationInfo(principalCollection, null);
+        assertEquals(strategy.beforeAttempt(null, null, aggregate), aggregate);
+    }
+
     @Test (expected=ShortCircuitIterationException.class)
     public void testBeforeAttemptStopAfterFirstSuccess() {
-        AuthenticationInfo aggregate = new SimpleAuthenticationInfo();
+        AuthenticationInfo aggregate = new SimpleAuthenticationInfo("principal", null, "a-realm-name");
         strategy.beforeAttempt(null, null, aggregate);
     }
-
 }