diff --git a/src/main/java/org/olat/course/site/CourseSiteDef.java b/src/main/java/org/olat/course/site/CourseSiteDef.java
index c8455e409bf7bdc77f4ba4a77ce2d4e8d1106b10..602d5bdc0573f2f03ff07316f2a7051c0324cc7e 100644
--- a/src/main/java/org/olat/course/site/CourseSiteDef.java
+++ b/src/main/java/org/olat/course/site/CourseSiteDef.java
@@ -29,6 +29,7 @@ import org.olat.core.gui.control.navigation.SiteDefinitions;
 import org.olat.core.gui.control.navigation.SiteInstance;
 import org.olat.core.gui.control.navigation.SiteSecurityCallback;
 import org.olat.core.util.StringHelper;
+import org.olat.core.util.UserSession;
 import org.olat.course.site.model.CourseSiteConfiguration;
 import org.olat.course.site.model.LanguageConfiguration;
 
@@ -88,10 +89,13 @@ public class CourseSiteDef extends AbstractSiteDefinition implements SiteDefinit
 		
 		String secCallbackBeanId = config.getSecurityCallbackBeanId();
 		SiteSecurityCallback siteSecCallback = (SiteSecurityCallback)CoreSpringFactory.getBean(secCallbackBeanId);
+		
+		UserSession usess = ureq.getUserSession();
+		if(usess == null || usess.getRoles() == null) return null;
 
-		boolean canSeeToolController = ureq.getUserSession().getRoles().isAuthor()
-				|| ureq.getUserSession().getRoles().isOLATAdmin()
-				|| ureq.getUserSession().getRoles().isInstitutionalResourceManager();
+		boolean canSeeToolController = usess.getRoles().isAuthor()
+				|| usess.getRoles().isOLATAdmin()
+				|| usess.getRoles().isInstitutionalResourceManager();
 		boolean showToolController = true;
 		if (!canSeeToolController && !courseConfig.isToolbar()) {
 			showToolController = false;