处理索引0超出长度0的范围以验证用户方法

I have this method which validates a user trying to login to a web application I am hosting on Tomcat and If I enter a username which does not exist it gives me a Index 0 out of bounds for length 0 instead of returning null and displaying the invalid login credentials page. How can I make sure it returns null if the username does not exist?

验证用户方法:

 public User validateUser(Login login) {

// SQL statement
String sql = "select * from users where username='" + login.getUsername() + "'";
// Running query
List<User> users = jdbcTemplate.query(sql, new UserMapper());
User user = users.get(0);
// Getting encrypted password
String encodedPassword = user.getPassword();
// Getting login password
String rawPassword = login.getPassword();
// Validating them
boolean isPasswordMatch = passwordEncoder.matches(rawPassword, encodedPassword);
if(isPasswordMatch){
    return user;
}
else { 
    return null;
}
}

控制器:

@RequestMapping(value = "/loginProcess", method = RequestMethod.POST)
public ModelAndView loginProcess(HttpServletRequest request, HttpServletResponse response,
@ModelAttribute("login") Login login) {
ModelAndView mav = null;
// Validating user
User user = userService.validateUser(login);
if (null != user) {
// Setting view
mav = new ModelAndView("loginProcess", "firstname", user.getFirstname());
// Creating session and saving user
HttpSession httpSession = request.getSession(true);
httpSession.setAttribute("User", user);
}
// Returning invalid credentials
return mav = new ModelAndView("loginIncorrect");
}