Posted to commits@cxf.apache.org by co...@apache.org on 2019/09/20 12:01:21 UTC

[cxf] branch 3.3.x-fixes updated: Return unautorized from the UserInfo endpoint

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.3.x-fixes by this push:
     new 37e24f3  Return unautorized from the UserInfo endpoint
37e24f3 is described below

commit 37e24f3f51601557abeb9a969fffe1c8df7ab3d9
Author: Alexey Markevich <bu...@gmail.com>
AuthorDate: Fri Sep 20 11:07:30 2019 +0300

    Return unautorized from the UserInfo endpoint
    
    (cherry picked from commit 85df4062810b8b4e56c2a88656a8188bd5f5329d)
---
 .../main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index 78e25f9..5112680 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -26,6 +26,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -58,7 +59,7 @@ public class UserInfoService extends OAuthServerJoseJwtProducer {
         if (!oauth.getPermissions().stream()
             .map(OAuthPermission::getPermission)
             .anyMatch(OidcUtils.OPENID_SCOPE::equals)) {
-            Response.status(401);
+            return Response.status(Status.UNAUTHORIZED).build();
         }
 
         UserInfo userInfo = null;
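Review bot: The new early return `return Response.status(Status.UNAUTHORIZED).build();` sends a 401 with no `WWW-Authenticate` header, so a client cannot tell a token that lacks the `openid` scope from one that is invalid or expired. RFC 6750 section 3.1, which OpenID Connect Core uses for UserInfo errors, treats this case as `insufficient_scope` and recommends 403; consider `return Response.status(Status.FORBIDDEN).header(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"insufficient_scope\", scope=\"openid\"").build();` (this needs the `javax.ws.rs.core.HttpHeaders` import), or keep 401 and add the header. Because the removed line built a status and discarded it, tokens without `openid` appear to have fallen through to the UserInfo construction that begins below, so a regression test asserting that such a token gets no claims in the response would be worth adding with this fix. The method starts and ends outside the hunk.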