Throw exception that was created but not thrown

Fixes gh-5462
7 years ago · d88c2c19f0
1 changed files with 1 additions and 1 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@ -431,7 +431,7 @@ public class DigestAuthenticationFilter extends GenericFilterBean
 					.md5Hex(this.nonceExpiryTime + ":" + entryPointKey);
 			if (!expectedNonceSignature.equals(nonceTokens[1])) {
-				new BadCredentialsException(DigestAuthenticationFilter.this.messages
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
 						.getMessage("DigestAuthenticationFilter.nonceCompromised",
 								new Object[] { nonceAsPlainText },
 								"Nonce token compromised {0}"));