This is an automated email from the ASF dual-hosted git repository. buhhunyx pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push: new 85df406 Return unautorized from the UserInfo endpoint 85df406 is described below commit 85df4062810b8b4e56c2a88656a8188bd5f5329d Author: Alexey Markevich <buhhu...@gmail.com> AuthorDate: Fri Sep 20 11:07:30 2019 +0300 Return unautorized from the UserInfo endpoint --- .../main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java index 78e25f9..5112680 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java @@ -26,6 +26,7 @@ import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.Status; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.jose.jwt.JwtToken; @@ -58,7 +59,7 @@ public class UserInfoService extends OAuthServerJoseJwtProducer { if (!oauth.getPermissions().stream() .map(OAuthPermission::getPermission) .anyMatch(OidcUtils.OPENID_SCOPE::equals)) { - Response.status(401); + return Response.status(Status.UNAUTHORIZED).build(); } UserInfo userInfo = null;