http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
index d2f10c3..ef3449d 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java
@@ -63,9 +63,8 @@ public class AbstractJwsJsonWriterProvider {
             if (sigProviders == null) {
                 LOG.warning("JWS JSON init properties resource is not 
identified");
                 throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
-            } else {
-                return Collections.emptyList();
             }
+            return Collections.emptyList();
         }
         List<String> propLocs = null;
         if (propLocsProp instanceof String) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 04e3a9a..0c21fd1 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -101,9 +101,8 @@ public final class KeyManagementUtils {
             Certificate[] certs = keyStore.getCertificateChain(alias);
             if (certs != null) {
                 return Arrays.copyOf(certs, certs.length, 
X509Certificate[].class);
-            } else {
-                return new 
X509Certificate[]{(X509Certificate)CryptoUtils.loadCertificate(keyStore, 
alias)};
             }
+            return new 
X509Certificate[]{(X509Certificate)CryptoUtils.loadCertificate(keyStore, 
alias)};
         } catch (Exception ex) {
             LOG.warning("X509 Certificates can not be created");
             throw new JoseException(ex);
@@ -347,9 +346,8 @@ public final class KeyManagementUtils {
                 }
             }
             return certs;
-        } else {
-            return null;
         }
+        return null;
     }
     //TODO: enhance the certificate validation code
     public static void validateCertificateChain(Properties storeProperties, 
List<X509Certificate> inCerts) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index 6d90565..73db703 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -65,12 +65,11 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm 
implements KeyEncryptio
         }
         if (!wrap) {
             return CryptoUtils.encryptBytes(cek, keyEncryptionKey, 
secretKeyProperties);
-        } else {
-            return CryptoUtils.wrapSecretKey(cek,
-                                             
getContentEncryptionAlgoJava(headers),
-                                             keyEncryptionKey,
-                                             secretKeyProperties);
         }
+        return CryptoUtils.wrapSecretKey(cek,
+                                         getContentEncryptionAlgoJava(headers),
+                                         keyEncryptionKey,
+                                         secretKeyProperties);
     }
     protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
         return 
AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm().getJwaName());

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
index c2a8126..3eab1ff 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java
@@ -104,9 +104,8 @@ public class EcdhDirectKeyJweEncryption extends 
JweEncryption {
         private byte[] toApuBytes(String apuString) {
             if (apuString != null) {
                 return toBytes(apuString);
-            } else {
-                return CryptoUtils.generateSecureRandomBytes(512 / 8);
             }
+            return CryptoUtils.generateSecureRandomBytes(512 / 8);
 
         }
         private byte[] toBytes(String str) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
index 0be53e1..6076ee9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java
@@ -62,10 +62,9 @@ public class JweOutputStream extends FilterOutputStream {
             len -= lenToCopy;
             if (lastRawDataChunk.length < blockSize) {
                 return;
-            } else {
-                encryptAndWrite(lastRawDataChunk, 0, lastRawDataChunk.length);
-                lastRawDataChunk = null;
             }
+            encryptAndWrite(lastRawDataChunk, 0, lastRawDataChunk.length);
+            lastRawDataChunk = null;
         }
         int offset = 0;
         int chunkSize = blockSize > len ? blockSize : blockSize * (len / 
blockSize);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 9fa4ec6..d4eea8d 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -83,9 +83,8 @@ public final class JweUtils {
         if (keyAlgo != null) {
             KeyEncryptionProvider keyEncryptionProvider = 
getSecretKeyEncryptionAlgorithm(key, keyAlgo);
             return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
-        } else {
-            return encryptDirect(key, contentAlgo, content, ct);
         }
+        return encryptDirect(key, contentAlgo, content, ct);
     }
     public static String encrypt(JsonWebKey key, ContentAlgorithm contentAlgo, 
byte[] content, String ct) {
         KeyEncryptionProvider keyEncryptionProvider = 
getKeyEncryptionProvider(key);
@@ -110,9 +109,8 @@ public final class JweUtils {
         if (keyAlgo != null) {
             KeyDecryptionProvider keyDecryptionProvider = 
getSecretKeyDecryptionProvider(key, keyAlgo);
             return decrypt(keyDecryptionProvider, contentAlgo, content);
-        } else {
-            return decryptDirect(key, contentAlgo, content);
         }
+        return decryptDirect(key, contentAlgo, content);
     }
     public static byte[] decrypt(JsonWebKey key, ContentAlgorithm contentAlgo, 
String content) {
         KeyDecryptionProvider keyDecryptionProvider = 
getKeyDecryptionProvider(key);
@@ -255,9 +253,8 @@ public final class JweUtils {
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
             return getContentEncryptionProvider(JwkUtils.toSecretKey(jwk), 
ctAlgo);
-        } else {
-            return null;
         }
+        return null;
     }
     public static ContentEncryptionProvider 
getContentEncryptionProvider(SecretKey key,
                                                                           
ContentAlgorithm algorithm) {
@@ -303,9 +300,8 @@ public final class JweUtils {
     public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) {
         if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) {
             return getEcDirectKeyJweEncryption(key, ContentAlgorithm.A128GCM);
-        } else {
-            return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), 
getContentAlgo(key.getAlgorithm()));
         }
+        return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), 
getContentAlgo(key.getAlgorithm()));
     }
     public static JweEncryption getEcDirectKeyJweEncryption(JsonWebKey key, 
ContentAlgorithm ctAlgo) {
         if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) {
@@ -315,9 +311,8 @@ public final class JweUtils {
             }
             ECPublicKey ecKey = JwkUtils.toECPublicKey(key);
             return new EcdhDirectKeyJweEncryption(ecKey, curve, ctAlgo);
-        } else {
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
         }
+        throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
     }
     public static JweEncryption getDirectKeyJweEncryption(SecretKey key, 
ContentAlgorithm algo) {
         return getDirectKeyJweEncryption(key.getEncoded(), algo);
@@ -325,17 +320,15 @@ public final class JweUtils {
     public static JweEncryption getDirectKeyJweEncryption(byte[] key, 
ContentAlgorithm algo) {
         if (AlgorithmUtils.isAesCbcHmac(algo.getJwaName())) {
             return new AesCbcHmacJweEncryption(algo, key, null, new 
DirectKeyEncryptionAlgorithm());
-        } else {
-            return new JweEncryption(new DirectKeyEncryptionAlgorithm(),
-                                 getContentEncryptionProvider(key, algo));
         }
+        return new JweEncryption(new DirectKeyEncryptionAlgorithm(),
+                             getContentEncryptionProvider(key, algo));
     }
     public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) {
         if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) {
             return getEcDirectKeyJweDecryption(key, ContentAlgorithm.A128GCM);
-        } else {
-            return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), 
getContentAlgo(key.getAlgorithm()));
         }
+        return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), 
getContentAlgo(key.getAlgorithm()));
     }
     public static JweDecryption getDirectKeyJweDecryption(SecretKey key, 
ContentAlgorithm algorithm) {
         return getDirectKeyJweDecryption(key.getEncoded(), algorithm);
@@ -343,10 +336,9 @@ public final class JweUtils {
     public static JweDecryption getDirectKeyJweDecryption(byte[] key, 
ContentAlgorithm algorithm) {
         if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName())) {
             return new AesCbcHmacJweDecryption(new 
DirectKeyDecryptionAlgorithm(key), algorithm);
-        } else {
-            return new JweDecryption(new DirectKeyDecryptionAlgorithm(key),
-                                 getContentDecryptionProvider(algorithm));
         }
+        return new JweDecryption(new DirectKeyDecryptionAlgorithm(key),
+                             getContentDecryptionProvider(algorithm));
     }
     public static JweDecryption getEcDirectKeyJweDecryption(JsonWebKey key, 
ContentAlgorithm ctAlgo) {
         if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) {
@@ -356,9 +348,8 @@ public final class JweUtils {
             }
             ECPrivateKey ecKey = JwkUtils.toECPrivateKey(key);
             return new EcdhDirectKeyJweDecryption(ecKey, ctAlgo);
-        } else {
-            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
         }
+        throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
     }
     public static JweEncryptionProvider loadEncryptionProvider(boolean 
required) {
         return loadEncryptionProvider(null, required);
@@ -631,10 +622,9 @@ public final class JweUtils {
         ContentAlgorithm contentEncryptionAlgo = 
headers.getContentEncryptionAlgorithm();
         if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo.getJwaName())) {
             return new AesCbcHmacJweEncryption(contentEncryptionAlgo, 
keyEncryptionProvider, generateCekOnce);
-        } else {
-            return new JweEncryption(keyEncryptionProvider,
-                                     
getContentEncryptionProvider(contentEncryptionAlgo, generateCekOnce));
         }
+        return new JweEncryption(keyEncryptionProvider,
+                                 
getContentEncryptionProvider(contentEncryptionAlgo, generateCekOnce));
     }
     public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey 
key,
                                                                     
KeyAlgorithm keyAlgo,
@@ -654,10 +644,9 @@ public final class JweUtils {
                                                                     
ContentAlgorithm contentDecryptionAlgo) {
         if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo.getJwaName())) {
             return new AesCbcHmacJweDecryption(keyDecryptionProvider, 
contentDecryptionAlgo);
-        } else {
-            return new JweDecryption(keyDecryptionProvider,
-                                     
getContentDecryptionProvider(contentDecryptionAlgo));
         }
+        return new JweDecryption(keyDecryptionProvider,
+                                 
getContentDecryptionProvider(contentDecryptionAlgo));
     }
     public static boolean validateCriticalHeaders(JoseHeaders headers) {
         //TODO: Validate JWE specific constraints
@@ -733,9 +722,8 @@ public final class JweUtils {
             newAAD[headersAAD.length] = '.';
             System.arraycopy(aad, 0, newAAD, headersAAD.length + 1, 
aad.length);
             return newAAD;
-        } else {
-            return headersAAD;
         }
+        return headersAAD;
     }
     private static byte[] calculateDerivedKey(byte[] keyZ,
                                               String algoName,
@@ -827,9 +815,8 @@ public final class JweUtils {
                 contentEncryptionAlgo.getJwaName(), compression, headers);
         if (ctEncryptionProvider == null) {
             return createJweEncryptionProvider(keyEncryptionProvider, headers);
-        } else {
-            return new JweEncryption(keyEncryptionProvider, 
ctEncryptionProvider);
         }
+        return new JweEncryption(keyEncryptionProvider, ctEncryptionProvider);
     }
     private static JweDecryptionProvider 
createJweDecryptionProvider(KeyDecryptionProvider keyDecryptionProvider,
                                                                     SecretKey 
ctDecryptionKey,
@@ -840,9 +827,8 @@ public final class JweUtils {
         }
         if (keyDecryptionProvider != null) {
             return createJweDecryptionProvider(keyDecryptionProvider, 
contentDecryptionAlgo);
-        } else {
-            return getDirectKeyJweDecryption(ctDecryptionKey, 
contentDecryptionAlgo);
         }
+        return getDirectKeyJweDecryption(ctDecryptionKey, 
contentDecryptionAlgo);
     }
     public static KeyAlgorithm getKeyEncryptionAlgorithm(Message m, Properties 
props,
                                                    KeyAlgorithm algo, 
KeyAlgorithm defaultAlgo) {
@@ -944,12 +930,11 @@ public final class JweUtils {
         String storeType = 
props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE);
         if ("jwk".equals(storeType)) {
             return JwkUtils.loadPublicJwkSet(m, props);
-        } else {
-            //TODO: consider loading all the public keys in the store
-            PublicKey key = KeyManagementUtils.loadPublicKey(m, props);
-            JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, 
JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM);
-            return new JsonWebKeys(jwk);
         }
+        //TODO: consider loading all the public keys in the store
+        PublicKey key = KeyManagementUtils.loadPublicKey(m, props);
+        JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, 
JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM);
+        return new JsonWebKeys(jwk);
     }
     
     public static Properties loadJweProperties(Message m, String propLoc) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index cf482dd..510e43a 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -105,9 +105,8 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm 
implements KeyEncryptionProvi
                 LOG.warning("Password hash calculation error");
                 throw new 
JweException(JweException.Error.KEY_ENCRYPTION_FAILURE, ex);
             }
-        } else {
-            return p;
         }
+        return p;
     }
     @Override
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] 
cek) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index e87080d..afe8293 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -51,12 +51,11 @@ public class WrappedKeyDecryptionAlgorithm implements 
KeyDecryptionProvider {
             keyProps.setBlockSize(getKeyCipherBlockSize());
             return 
CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(jweDecryptionInput),
                                             getCekDecryptionKey(), keyProps);
-        } else {
-            return 
CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(jweDecryptionInput),
-                                               
getContentEncryptionAlgorithm(jweDecryptionInput),
-                                               getCekDecryptionKey(),
-                                               keyProps).getEncoded();
         }
+        return 
CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(jweDecryptionInput),
+                                           
getContentEncryptionAlgorithm(jweDecryptionInput),
+                                           getCekDecryptionKey(),
+                                           keyProps).getEncoded();
     }
 
     protected Key getCekDecryptionKey() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
index 92f2aaf..7141e65 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
@@ -46,18 +46,16 @@ public class JsonWebKeys extends JsonMapObject {
             Object first = list.get(0);
             if (first instanceof JsonWebKey) {
                 return CastUtils.cast(list);
-            } else {
-                List<JsonWebKey> keys = new LinkedList<JsonWebKey>();
-                List<Map<String, Object>> listOfMaps =
-                    CastUtils.cast((List<?>)super.getProperty(KEYS_PROPERTY));
-                for (Map<String, Object> map : listOfMaps) {
-                    keys.add(new JsonWebKey(map));
-                }
-                return keys;
             }
-        } else {
-            return null;
+            List<JsonWebKey> keys = new LinkedList<JsonWebKey>();
+            List<Map<String, Object>> listOfMaps =
+                CastUtils.cast((List<?>)super.getProperty(KEYS_PROPERTY));
+            for (Map<String, Object> map : listOfMaps) {
+                keys.add(new JsonWebKey(map));
+            }
+            return keys;
         }
+        return null;
     }
     public final void setKey(JsonWebKey key) {
         setKeys(Collections.singletonList(key));

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 4b67ff6..bd2ad6a 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -284,10 +284,9 @@ public final class JwkUtils {
         JwkReaderWriter reader = new JwkReaderWriter();
         if (props.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKKEY) == null) {
             return reader.jsonToJwkSet(keyContent);
-        } else {
-            JsonWebKey jwk = reader.jsonToJwk(keyContent);
-            return new JsonWebKeys(jwk);
         }
+        JsonWebKey jwk = reader.jsonToJwk(keyContent);
+        return new JsonWebKeys(jwk);
     }
 
     public static JsonWebKey loadJsonWebKey(Message m, Properties props, 
KeyOperation keyOper) {
@@ -415,24 +414,23 @@ public final class JwkUtils {
         String encodedPrimeP = 
(String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR);
         if (encodedPrimeP == null) {
             return CryptoUtils.getRSAPrivateKey(encodedModulus, 
encodedPrivateExponent);
-        } else {
-            String encodedPublicExponent = 
(String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
-            if (encodedPublicExponent == null) {
-                throw new JoseException("JWK without the public exponent can 
not be converted to RSAPrivateKey");
-            }
-            String encodedPrimeQ = 
(String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR);
-            String encodedPrimeExpP = 
(String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT);
-            String encodedPrimeExpQ = 
(String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT);
-            String encodedCrtCoefficient = 
(String)jwk.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT);
-            return CryptoUtils.getRSAPrivateKey(encodedModulus,
-                                                encodedPublicExponent,
-                                                encodedPrivateExponent,
-                                                encodedPrimeP,
-                                                encodedPrimeQ,
-                                                encodedPrimeExpP,
-                                                encodedPrimeExpQ,
-                                                encodedCrtCoefficient);
         }
+        String encodedPublicExponent = 
(String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
+        if (encodedPublicExponent == null) {
+            throw new JoseException("JWK without the public exponent can not 
be converted to RSAPrivateKey");
+        }
+        String encodedPrimeQ = 
(String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR);
+        String encodedPrimeExpP = 
(String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT);
+        String encodedPrimeExpQ = 
(String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT);
+        String encodedCrtCoefficient = 
(String)jwk.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT);
+        return CryptoUtils.getRSAPrivateKey(encodedModulus,
+                                            encodedPublicExponent,
+                                            encodedPrivateExponent,
+                                            encodedPrimeP,
+                                            encodedPrimeQ,
+                                            encodedPrimeExpP,
+                                            encodedPrimeExpQ,
+                                            encodedCrtCoefficient);
     }
     public static JsonWebKey fromRSAPrivateKey(RSAPrivateKey pk, String algo) {
         return fromRSAPrivateKey(pk, algo, null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index 83e4a62..5ca6783 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -109,9 +109,8 @@ public class JwsJsonConsumer {
     public String getDecodedJwsPayload() {
         if (validateB64Status()) {
             return JoseUtils.decodeToString(jwsPayload);
-        } else {
-            return jwsPayload;
         }
+        return jwsPayload;
     }
     public byte[] getDecodedJwsPayloadBytes() {
         return StringUtils.toBytesUTF8(getDecodedJwsPayload());
@@ -220,9 +219,8 @@ public class JwsJsonConsumer {
             JwsJsonProducer producer = new 
JwsJsonProducer(getDecodedJwsPayload());
             producer.getSignatureEntries().addAll(nonValidated);
             return producer.getJwsJsonSignedDocument();
-        } else {
-            return null;
         }
+        return null;
     }
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java
index df0dd8a..9657bdd 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java
@@ -80,9 +80,8 @@ public class JwsJsonSignatureEntry implements JsonObject {
     public String getDecodedJwsPayload() {
         if (protectedHeader == null || 
!JwsUtils.isPayloadUnencoded(protectedHeader)) {
             return JoseUtils.decodeToString(jwsPayload);
-        } else {
-            return jwsPayload;
         }
+        return jwsPayload;
     }
     public byte[] getDecodedJwsPayloadBytes() {
         return StringUtils.toBytesUTF8(getDecodedJwsPayload());
@@ -108,9 +107,8 @@ public class JwsJsonSignatureEntry implements JsonObject {
     public String getUnsignedSequence() {
         if (getEncodedProtectedHeader() != null) {
             return getEncodedProtectedHeader() + "." + getJwsPayload();
-        } else {
-            return "." + getJwsPayload();
         }
+        return "." + getJwsPayload();
     }
     public String getKeyId() {
         return getUnionHeader().getKeyId();

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index b3a5c42..c571248 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -525,19 +525,18 @@ public final class JwsUtils {
         String storeType = 
props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE);
         if ("jwk".equals(storeType)) {
             return JwkUtils.loadPublicJwkSet(m, props);
-        } else {
-            X509Certificate[] certs = null;
-            if 
(PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
-                certs = KeyManagementUtils.loadX509CertificateOrChain(m, 
props);
-            }
-            PublicKey key = certs != null && certs.length > 0
-                ? certs[0].getPublicKey() : 
KeyManagementUtils.loadPublicKey(m, props);
-            JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, 
JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
-            jwk.setPublicKeyUse(PublicKeyUse.SIGN);
-            if (certs != null) {
-                
jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs));
-            }
-            return new JsonWebKeys(jwk);
         }
+        X509Certificate[] certs = null;
+        if 
(PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
+            certs = KeyManagementUtils.loadX509CertificateOrChain(m, props);
+        }
+        PublicKey key = certs != null && certs.length > 0
+            ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, 
props);
+        JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, 
JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
+        jwk.setPublicKeyUse(PublicKeyUse.SIGN);
+        if (certs != null) {
+            
jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs));
+        }
+        return new JsonWebKeys(jwk);
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index 7dfaf88..7488f74 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -74,9 +74,8 @@ public class JwtClaims extends JsonMapObject {
         List<String> audiences = getAudiences();
         if (!StringUtils.isEmpty(audiences)) {
             return audiences.get(0);
-        } else {
-            return null;
         }
+        return null;
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
index b98aeda..054bc8a 100644
--- 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
@@ -165,10 +165,9 @@ public class AbstractAuthFilter {
             if (consumerSecret != null && 
!consumerSecret.equals(client.getSecretKey())) {
                 LOG.warning("Client secret is invalid");
                 throw new 
OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
-            } else {
-                OAuthUtils.validateMessage(oAuthMessage, client, null,
-                                           dataProvider, validator);
             }
+            OAuthUtils.validateMessage(oAuthMessage, client, null,
+                                       dataProvider, validator);
             accessToken = client.getPreAuthorizedToken();
             if (accessToken == null || !accessToken.isPreAuthorized()) {
                 LOG.warning("Preauthorized access token is unavailable");

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
index 63ef8d0..cd4f120 100644
--- 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
+++ 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
@@ -49,14 +49,13 @@ public class DefaultOAuthValidator extends 
SimpleOAuthValidator {
         throws OAuthProblemException {
         if (token == null) {
             throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
-        } else {
-            Long issuedAt = token.getIssuedAt();
-            Long lifetime = token.getLifetime();
-            if (lifetime != -1
-                && (issuedAt + lifetime < (System.currentTimeMillis() / 
1000))) {
-                provider.removeToken(token);
-                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
-            }
+        }
+        Long issuedAt = token.getIssuedAt();
+        Long lifetime = token.getLifetime();
+        if (lifetime != -1
+            && (issuedAt + lifetime < (System.currentTimeMillis() / 1000))) {
+            provider.removeToken(token);
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
         }
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
index 584166c..fa62e68d 100644
--- 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
@@ -151,10 +151,9 @@ public class AuthorizationRequestHandler {
             if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
                 OOBAuthorizationResponse bean = 
convertQueryParamsToOOB(queryParams);
                 return Response.ok().entity(bean).build();
-            } else {
-                URI callbackURI = buildCallbackURI(callbackValue, queryParams);
-                return Response.seeOther(callbackURI).build();
             }
+            URI callbackURI = buildCallbackURI(callbackValue, queryParams);
+            return Response.seeOther(callbackURI).build();
 
         } catch (OAuthProblemException e) {
             LOG.log(Level.WARNING, "An OAuth related problem: {0}", new 
Object[]{e.fillInStackTrace()});

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index f294bf9..c5c0768 100644
--- 
a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -145,9 +145,8 @@ public class Saml2BearerGrantHandler extends 
AbstractGrantHandler {
             return new SamlUserSubject(jaxrsSc.getUserPrincipal().getName(),
                                        roles,
                                        jaxrsSc.getClaims());
-        } else {
-            return new UserSubject(sc.getUserPrincipal().getName());
         }
+        return new UserSubject(sc.getUserPrincipal().getName());
 
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
 
b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index 104ca5a..885fb42 100644
--- 
a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ 
b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -116,9 +116,8 @@ public class SamlOAuthValidator {
                              .path(accessTokenServiceAddress)
                              .build()
                              .toString();
-        } else {
-            return accessTokenServiceAddress;
         }
+        return accessTokenServiceAddress;
     }
 
     private boolean validateAuthenticationSubject(Message m,

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
index 93dce4e..16ccd9a 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
@@ -62,10 +62,8 @@ public class BearerAuthSupplier extends AbstractAuthSupplier 
implements HttpAuth
         // the last call resulted in 401, trying to refresh the token(s)
         if (refreshAccessToken(authPolicy)) {
             return createAuthorizationHeader();
-        } else {
-            return null;
-
         }
+        return null;
     }
     private void refreshAccessTokenIfExpired(AuthorizationPolicy authPolicy) {
         ClientAccessToken at = getClientAccessToken();

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index ab1ec2f..e832b27 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -107,16 +107,15 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
             Response codeResponse = createCodeResponse(rc, ui);
             rc.abortWith(codeResponse);
             return;
-        } else {
-            // complete the code flow if possible
-            MultivaluedMap<String, String> requestParams = toRequestState(rc, 
ui);
-            if (codeResponseQueryParamsAvailable(requestParams)
-                && (completeUri == null || 
absoluteRequestUri.endsWith(completeUri))) {
-                processCodeResponse(rc, ui, requestParams);
-                checkSecurityContextEnd(rc, requestParams);
-                // let the request continue
-                return;
-            }
+        }
+        // complete the code flow if possible
+        MultivaluedMap<String, String> requestParams = toRequestState(rc, ui);
+        if (codeResponseQueryParamsAvailable(requestParams)
+            && (completeUri == null || 
absoluteRequestUri.endsWith(completeUri))) {
+            processCodeResponse(rc, ui, requestParams);
+            checkSecurityContextEnd(rc, requestParams);
+            // let the request continue
+            return;
         }
         // neither the start nor the end of the flow
         rc.abortWith(Response.status(401).build());
@@ -249,13 +248,12 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
     private AuthorizationCodeGrant prepareCodeGrant(String codeParam, URI 
absoluteRedirectUri) {
         if (codeRequestJoseProducer == null) {
             return new AuthorizationCodeGrant(codeParam, absoluteRedirectUri);
-        } else {
-            JwtRequestCodeGrant grant =
-                new JwtRequestCodeGrant(codeParam, absoluteRedirectUri, 
consumer.getClientId());
-            grant.setClientSecret(consumer.getClientSecret());
-            grant.setJoseProducer(codeRequestJoseProducer);
-            return grant;
         }
+        JwtRequestCodeGrant grant =
+            new JwtRequestCodeGrant(codeParam, absoluteRedirectUri, 
consumer.getClientId());
+        grant.setClientSecret(consumer.getClientSecret());
+        grant.setJoseProducer(codeRequestJoseProducer);
+        return grant;
     }
 
     protected ClientTokenContext 
initializeClientTokenContext(ContainerRequestContext rc,

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 5a41ebc..45baf91 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -317,9 +317,8 @@ public final class OAuthClientUtils {
             ClientAccessToken token = fromMapToClientToken(map, 
defaultTokenType);
             if (token == null) {
                 throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
-            } else {
-                return token;
             }
+            return token;
         } else if (response.getStatus() >= 400 && 
map.containsKey(OAuthConstants.ERROR_KEY)) {
             OAuthError error = new 
OAuthError(map.get(OAuthConstants.ERROR_KEY),
                                               
map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
index 526410d..02aea4c 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
@@ -63,8 +63,7 @@ public class ClientAccessToken extends AccessToken {
     public String toString() {
         if 
(OAuthConstants.BEARER_AUTHORIZATION_SCHEME.equalsIgnoreCase(super.getTokenType()))
 {
             return OAuthConstants.BEARER_AUTHORIZATION_SCHEME + " " + 
super.getTokenKey();
-        } else {
-            return super.toString();
         }
+        return super.toString();
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index c3808d4..17cb6a8 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -219,9 +219,8 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
     protected boolean checkScopeProperty(String scope) {
         if (!requiredScopes.isEmpty()) {
             return requiredScopes.contains(scope);
-        } else {
-            return true;
         }
+        return true;
     }
     public void setUseUserSubject(boolean useUserSubject) {
         this.useUserSubject = useUserSubject;
@@ -292,9 +291,8 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
     protected String[] getAuthorizationParts(Message m) {
         if (!checkFormData) {
             return 
AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
-        } else {
-            return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, 
getTokenFromFormData(m)};
         }
+        return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, 
getTokenFromFormData(m)};
     }
 
     protected String getTokenFromFormData(Message message) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
index 4410a56..5f8b597 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
@@ -197,8 +197,7 @@ public abstract class AbstractGrantHandler implements 
AccessTokenGrantHandler {
                 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
             }
             return audiences;
-        } else {
-            return client.getRegisteredAudiences();
         }
+        return client.getRegisteredAudiences();
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index a5f0e2a..22557e7 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -116,12 +116,11 @@ public class AuthorizationCodeGrantHandler extends 
AbstractGrantHandler {
                     
JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, 
grant.getNonce());
                 }
                 return token;
-            } else {
-                // the grant was issued based on the authorization time check 
confirming the
-                // token was available but it has expired by now or been 
removed then
-                // creating a completely new token can be wrong - though this 
needs to be reviewed
-                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
             }
+            // the grant was issued based on the authorization time check 
confirming the
+            // token was available but it has expired by now or been removed 
then
+            // creating a completely new token can be wrong - though this 
needs to be reviewed
+            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
         }
         // Make sure the client supports the authorization code in cases where
         // the implicit/hybrid service was initiating the code grant 
processing flow

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
index bcc2ee7..1c951ac 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java
@@ -79,9 +79,8 @@ public class JPACMTCodeDataProvider extends 
JPACodeDataProvider {
             // lock RT for update
             lockRefreshTokenForUpdate(rt);
             return super.updateRefreshToken(rt, at);
-        } else {
-            return super.updateExistingRefreshToken(rt, at);
         }
+        return super.updateExistingRefreshToken(rt, at);
     }
     
     protected void lockRefreshTokenForUpdate(final RefreshToken refreshToken) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 364f912..fc63fe0 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -98,9 +98,8 @@ public class JwtRequestCodeFilter extends 
OAuthJoseJwtConsumer implements Author
                 newParams.putSingle(key, value.toString());
             }
             return newParams;
-        } else {
-            return params;
         }
+        return params;
     }
     private boolean isRequestUriValid(Client client, String requestUri) {
         //TODO: consider restricting to specific hosts

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java
index 66554ff..7780c16 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java
@@ -72,9 +72,8 @@ public class JwtBearerAuthHandler extends 
OAuthServerJoseJwtConsumer implements
             client = clientProvider.getClient(clientId);
             if (client == null) {
                 throw ExceptionUtils.toNotAuthorizedException(null, null);
-            } else {
-                message.put(Client.class, client);
             }
+            message.put(Client.class, client);
         }
         JwtToken token = super.getJwtToken(assertion, client);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 07ac41f..89a45b1 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -268,14 +268,13 @@ public abstract class AbstractOAuthDataProvider 
implements OAuthDataProvider, Cl
         checkRequestedScopes(client, requestedScopes);
         if (requestedScopes.isEmpty()) {
             return Collections.emptyList();
-        } else {
-            List<OAuthPermission> list = new ArrayList<>();
-            for (String scope : requestedScopes) {
-                convertSingleScopeToPermission(client, scope, list);
-            }
-            if (!list.isEmpty()) {
-                return list;
-            }
+        }
+        List<OAuthPermission> list = new ArrayList<>();
+        for (String scope : requestedScopes) {
+            convertSingleScopeToPermission(client, scope, list);
+        }
+        if (!list.isEmpty()) {
+            return list;
         }
         throw new OAuthServiceException("Requested scopes can not be mapped");
 
@@ -341,9 +340,8 @@ public abstract class AbstractOAuthDataProvider implements 
OAuthDataProvider, Cl
             MultivaluedMap<String, String> params = 
                 (MultivaluedMap<String, 
String>)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS);
             return params;
-        } else {
-            return null;
         }
+        return null;
     }
     protected RefreshToken updateExistingRefreshToken(RefreshToken rt, 
ServerAccessToken at) {
         synchronized (refreshTokenLock) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
index e12c515..363bff3 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
@@ -167,9 +167,8 @@ public class DefaultEHCacheOAuthDataProvider extends 
AbstractOAuthDataProvider {
         Element e = cache.get(key);
         if (e != null) {
             return cls.cast(e.getObjectValue());
-        } else {
-            return null;
         }
+        return null;
     }
     protected static void putCacheValue(Ehcache cache, String key, Object 
value, long ttl) {
         Element element = new Element(key, value);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
index 0ace50c..d2be7d3 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java
@@ -132,9 +132,8 @@ public class JCacheOAuthDataProvider extends 
AbstractOAuthDataProvider {
     public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
         if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) {
             return getJwtAccessTokens(c, sub);
-        } else {
-            return getTokens(accessTokenCache, c, sub);
         }
+        return getTokens(accessTokenCache, c, sub);
     }
 
     @Override
@@ -146,9 +145,8 @@ public class JCacheOAuthDataProvider extends 
AbstractOAuthDataProvider {
     public ServerAccessToken getAccessToken(String accessTokenKey) throws 
OAuthServiceException {
         if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) {
             return getJwtAccessToken(accessTokenKey);
-        } else {
-            return getToken(accessTokenCache, accessTokenKey);
         }
+        return getToken(accessTokenCache, accessTokenKey);
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
index 56ba35c..3ab720b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
@@ -311,10 +311,9 @@ public class JPAOAuthDataProvider extends 
AbstractOAuthDataProvider {
     protected TypedQuery<Client> getClientsQuery(UserSubject 
resourceOwnerSubject, EntityManager entityManager) {
         if (resourceOwnerSubject == null) {
             return entityManager.createQuery(CLIENT_QUERY, Client.class);
-        } else {
-            return entityManager.createQuery(CLIENT_QUERY + " WHERE ros.login 
= :login", Client.class).
-                    setParameter("login", resourceOwnerSubject.getLogin());
         }
+        return entityManager.createQuery(CLIENT_QUERY + " WHERE ros.login = 
:login", Client.class).
+                setParameter("login", resourceOwnerSubject.getLogin());
     }
 
     protected TypedQuery<BearerAccessToken> getTokensQuery(Client c, 
UserSubject resourceOwnerSubject,

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
index 486bda3..6047c4b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
@@ -227,14 +227,12 @@ public class OAuthJSONProvider implements 
MessageBodyWriter<Object>,
         Map<String, String> params = readJSONResponse(is);
         if (Map.class.isAssignableFrom(cls)) {
             return params;
-        } else {
-            ClientAccessToken token = 
OAuthClientUtils.fromMapToClientToken(params);
-            if (token == null) {
-                throw new WebApplicationException(500);
-            } else {
-                return token;
-            }
         }
+        ClientAccessToken token = 
OAuthClientUtils.fromMapToClientToken(params);
+        if (token == null) {
+            throw new WebApplicationException(500);
+        }
+        return token;
 
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java
index 50cd136..f483100 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java
@@ -39,16 +39,14 @@ public class OAuthJoseJwtConsumer extends JoseJwtConsumer {
     protected JwsSignatureVerifier getInitializedSignatureVerifier(String 
clientSecret) {
         if (verifyWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
             return OAuthUtils.getClientSecretSignatureVerifier(clientSecret);
-        } else {
-            return null;
         }
+        return null;
     }
     protected JweDecryptionProvider getInitializedDecryptionProvider(String 
clientSecret) {
         if (decryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
             return OAuthUtils.getClientSecretDecryptionProvider(clientSecret);
-        } else {
-            return null;
         }
+        return null;
     }
 
     public boolean isDecryptWithClientSecret() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java
index 4fe5aeb..9cfc8a1 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java
@@ -38,16 +38,14 @@ public class OAuthJoseJwtProducer extends JoseJwtProducer {
     protected JwsSignatureProvider getInitializedSignatureProvider(String 
clientSecret) {
         if (signWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
             return OAuthUtils.getClientSecretSignatureProvider(clientSecret);
-        } else {
-            return null;
         }
+        return null;
     }
     protected JweEncryptionProvider getInitializedEncryptionProvider(String 
clientSecret) {
         if (encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
             return OAuthUtils.getClientSecretEncryptionProvider(clientSecret);
-        } else {
-            return null;
         }
+        return null;
     }
 
     public void setEncryptWithClientSecret(boolean encryptWithClientSecret) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index cac819b..4f9a56c 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -67,11 +67,10 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
         if (isFormResponse(state)) {
             return createHtmlResponse(prepareFormResponse(state, client, 
requestedScope,
                                             approvedScope, userSubject, 
preAuthorizedToken));
-        } else {
-            StringBuilder sb =
-                prepareRedirectResponse(state, client, requestedScope, 
approvedScope, userSubject, preAuthorizedToken);
-            return Response.seeOther(URI.create(sb.toString())).build();
         }
+        StringBuilder sb =
+            prepareRedirectResponse(state, client, requestedScope, 
approvedScope, userSubject, preAuthorizedToken);
+        return Response.seeOther(URI.create(sb.toString())).build();
     }
 
     protected StringBuilder prepareRedirectResponse(OAuthRedirectionState 
state,

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 1657d59..831dcec 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -133,10 +133,9 @@ public class AbstractTokenService extends 
AbstractOAuthService {
     protected boolean isConfidenatialClientSecretValid(Client client, String 
providedClientSecret) {
         if (clientSecretVerifier != null) {
             return clientSecretVerifier.validateClientSecret(client, 
providedClientSecret);
-        } else {
-            return client.getClientSecret() != null
-                && providedClientSecret != null && 
client.getClientSecret().equals(providedClientSecret);
         }
+        return client.getClientSecret() != null
+            && providedClientSecret != null && 
client.getClientSecret().equals(providedClientSecret);
     }
     protected boolean isValidPublicClient(Client client, String clientId, 
String clientSecret) {
         return canSupportPublicClients
@@ -216,9 +215,8 @@ public class AbstractTokenService extends 
AbstractOAuthService {
         OAuthError customError = ex.getError();
         if (writeCustomErrors && customError != null) {
             return createErrorResponseFromBean(customError);
-        } else {
-            return createErrorResponseFromBean(new OAuthError(error));
         }
+        return createErrorResponseFromBean(new OAuthError(error));
     }
 
     protected Response createErrorResponse(MultivaluedMap<String, String> 
params,

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 0245a34..77ae3bf 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -177,9 +177,8 @@ public class AuthorizationCodeGrantService extends 
RedirectionBasedGrantService
     protected Response deliverOOBResponse(OOBAuthorizationResponse response) {
         if (oobDeliverer != null) {
             return oobDeliverer.deliver(response);
-        } else {
-            return createHtmlResponse(response);
         }
+        return createHtmlResponse(response);
     }
 
     protected Response createErrorResponse(String state,
@@ -187,11 +186,10 @@ public class AuthorizationCodeGrantService extends 
RedirectionBasedGrantService
                                            String error) {
         if (redirectUri == null) {
             return Response.status(401).entity(error).build();
-        } else {
-            UriBuilder ub = getRedirectUriBuilder(state, redirectUri);
-            ub.queryParam(OAuthConstants.ERROR_KEY, error);
-            return Response.seeOther(ub.build()).build();
         }
+        UriBuilder ub = getRedirectUriBuilder(state, redirectUri);
+        ub.queryParam(OAuthConstants.ERROR_KEY, error);
+        return Response.seeOther(ub.build()).build();
     }
 
     protected UriBuilder getRedirectUriBuilder(String state, String 
redirectUri) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 6c71d8b..10c2b7d 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -97,9 +97,8 @@ public class AuthorizationMetadataService {
         endpointAddress = endpointAddress != null ? endpointAddress : 
defRelAddress;
         if (endpointAddress.startsWith("https")) {
             return endpointAddress;
-        } else {
-            return 
UriBuilder.fromUri(baseUri).path(endpointAddress).build().toString();
         }
+        return 
UriBuilder.fromUri(baseUri).path(endpointAddress).build().toString();
     }
 
     private String getBaseUri(UriInfo ui) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
index 25081d6..2674194 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
@@ -56,9 +56,8 @@ public class AuthorizationService {
         RedirectionBasedGrantService service = getService(responseType);
         if (service != null) {
             return service.authorize();
-        } else {
-            return reportInvalidResponseType();
         }
+        return reportInvalidResponseType();
     }
 
     @GET
@@ -67,9 +66,8 @@ public class AuthorizationService {
         RedirectionBasedGrantService service = getService(responseType);
         if (service != null) {
             return service.authorizeDecision();
-        } else {
-            return reportInvalidResponseType();
         }
+        return reportInvalidResponseType();
     }
 
     /**
@@ -84,9 +82,8 @@ public class AuthorizationService {
         RedirectionBasedGrantService service = getService(responseType);
         if (service != null) {
             return service.authorizeDecisionForm(params);
-        } else {
-            return reportInvalidResponseType();
         }
+        return reportInvalidResponseType();
     }
 
     private RedirectionBasedGrantService getService(String responseType) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index b8219df..767d12a 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -96,9 +96,8 @@ public class DirectAuthorizationService extends 
AbstractOAuthService {
         subject = getMessageContext().getContent(UserSubject.class);
         if (subject != null) {
             return subject;
-        } else {
-            return OAuthUtils.createSubject(securityContext);
         }
+        return OAuthUtils.createSubject(securityContext);
     }
 
     public SubjectCreator getSubjectCreator() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index dcb9a88..a0b9a02 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -308,9 +308,8 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
             return 
sessionAuthenticityTokenProvider.getSessionState(super.getMessageContext(),
                                                                      
sessionToken,
                                                                      subject);
-        } else {
-            return null;
         }
+        return null;
     }
 
 
@@ -335,9 +334,8 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
         if (StringUtils.isEmpty(approvedScope)) {
             // no down-scoping done by a user, all of the requested scopes 
have been authorized
             return requestedScope;
-        } else {
-            return approvedScope;
         }
+        return approvedScope;
     }
 
     /**
@@ -514,9 +512,8 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
         }
         if (StringUtils.isEmpty(sessionToken)) {
             return false;
-        } else {
-            return requestToken.equals(sessionToken);
         }
+        return requestToken.equals(sessionToken);
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
index 43c8faf..a1fa491 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
@@ -46,9 +46,8 @@ public class HawkAccessTokenValidatorClient extends 
AbstractHawkAccessTokenValid
             map.putSingle(HTTP_VERB, mc.getRequest().getMethod());
             map.putSingle(HTTP_URI, 
mc.getUriInfo().getRequestUri().toString());
             return validator.validateAccessToken(mc, authScheme, 
authSchemeData, map);
-        } else {
-            return super.validateAccessToken(mc, authScheme, authSchemeData, 
extraProps);
         }
+        return super.validateAccessToken(mc, authScheme, authSchemeData, 
extraProps);
 
     }
     protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
index e21483d..8b50b5e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
@@ -42,9 +42,8 @@ public final class AuthorizationUtils {
         String[] parts = AuthorizationUtils.getAuthorizationParts(mc);
         if (parts.length == 2) {
             return getBasicAuthParts(parts[1]);
-        } else {
-            return null;
         }
+        return null;
     }
     public static String[] getBasicAuthParts(String basicAuthData) {
         String authDecoded = null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 06bf7de..dda5829 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -205,9 +205,8 @@ public final class OAuthUtils {
         UserSubject subject = mc.getContent(UserSubject.class);
         if (subject != null) {
             return subject;
-        } else {
-            return OAuthUtils.createSubject(sc);
         }
+        return OAuthUtils.createSubject(sc);
     }
     public static UserSubject createSubject(SecurityContext securityContext) {
         List<String> roleNames = Collections.emptyList();
@@ -357,19 +356,18 @@ public final class OAuthUtils {
             // the current request scopes
             if (!partialMatchScopeValidation) {
                 return registeredScopes.containsAll(requestScopes);
-            } else {
-                for (String requestScope : requestScopes) {
-                    boolean match = false;
-                    for (String registeredScope : registeredScopes) {
-                        if (requestScope.startsWith(registeredScope)) {
-                            match = true;
-                            break;
-                        }
-                    }
-                    if (!match) {
-                        return false;
+            }
+            for (String requestScope : requestScopes) {
+                boolean match = false;
+                for (String registeredScope : registeredScopes) {
+                    if (requestScope.startsWith(registeredScope)) {
+                        match = true;
+                        break;
                     }
                 }
+                if (!match) {
+                    return false;
+                }
             }
         }
         return true;
@@ -438,9 +436,8 @@ public final class OAuthUtils {
         if (!AlgorithmUtils.isHmacSign(sigAlgo)) {
             // Must be HS-based for the symmetric signature
             throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
-        } else {
-            return sigAlgo;
         }
+        return sigAlgo;
     }
 
     public static String convertListOfScopesToString(List<String> 
registeredScopes) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index 97e3dcb..e0585c2 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -457,9 +457,8 @@ public final class ModelEncryptionSupport {
         String pureStringList = prepareSimpleString(listStr);
         if (pureStringList.isEmpty()) {
             return Collections.emptyList();
-        } else {
-            return Arrays.asList(pureStringList.split(","));
         }
+        return Arrays.asList(pureStringList.split(","));
     }
 
     public static Map<String, String> parseSimpleMap(String mapStr) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java
index 2cc9d98..3f1a4a4 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java
@@ -48,8 +48,7 @@ public class ClaimRequirement extends JsonMapObject {
         Object prop = getProperty(VALUES_PROPERTY);
         if (prop instanceof List) {
             return CastUtils.cast((List<?>)prop);
-        } else {
-            return null;
         }
+        return null;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index ce38ecf..7a48f57 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -152,9 +152,8 @@ public class IdTokenResponseFilter extends 
OAuthServerJoseJwtProducer implements
             //TODO: OIDC core talks about various security algorithm 
preferences
             // that may be set during the client registrations, they can be 
passed along too
             return keyServiceClient.post(jwt, String.class);
-        } else {
-            return super.processJwt(jwt, client);
         }
+        return super.processJwt(jwt, client);
     }
     public void setKeyServiceClient(WebClient keyServiceClient) {
         this.keyServiceClient = keyServiceClient;

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
index 5fa96c8..4542a28 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
@@ -38,8 +38,7 @@ public class OidcIdTokenProvider implements 
ContextProvider<IdTokenContext> {
                 }
 
             };
-        } else {
-            return null;
         }
+        return null;
     }
 }

Reply via email to