This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 85df406  Return unautorized from the UserInfo endpoint
85df406 is described below

commit 85df4062810b8b4e56c2a88656a8188bd5f5329d
Author: Alexey Markevich <buhhu...@gmail.com>
AuthorDate: Fri Sep 20 11:07:30 2019 +0300

    Return unautorized from the UserInfo endpoint
---
 .../main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index 78e25f9..5112680 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -26,6 +26,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -58,7 +59,7 @@ public class UserInfoService extends 
OAuthServerJoseJwtProducer {
         if (!oauth.getPermissions().stream()
             .map(OAuthPermission::getPermission)
             .anyMatch(OidcUtils.OPENID_SCOPE::equals)) {
-            Response.status(401);
+            return Response.status(Status.UNAUTHORIZED).build();
         }
 
         UserInfo userInfo = null;
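Review bot: The new early return answers a token that lacks the `openid` scope with a bare 401 and no `WWW-Authenticate` header. OIDC Core defers UserInfo errors to RFC 6750, which expects that challenge header on a 401 and treats a valid token with missing scope as `insufficient_scope`, normally a 403. Consider `return Response.status(Status.FORBIDDEN).header("WWW-Authenticate", "Bearer error=\"insufficient_scope\"").build();`, or keep the 401 and add the header, so clients can tell a scope problem from an expired or invalid token. The old line built the response and discarded it, so the method fell through to the user-info lookup. A regression test asserting that a token without `openid` gets no claims back would pin this fix. The enclosing method starts and ends outside the hunk, so any handling elsewhere in it is not visible here.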
