From 241a58b24f52dad1d8bf0642b4780ae22feeb841 Mon Sep 17 00:00:00 2001
From: Thomas Vitale <ThomasVitale@users.noreply.github.com>
Date: Sun, 10 Mar 2019 19:54:27 +0100
Subject: [PATCH] Throw exception that was created but not thrown

Fixes gh-5462
---
 .../web/authentication/www/DigestAuthenticationFilter.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
index 6def7adb768..e99551a60d9 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationFilter.java
@@ -431,7 +431,7 @@ void validateAndDecode(String entryPointKey, String expectedRealm)
 					.md5Hex(this.nonceExpiryTime + ":" + entryPointKey);
 
 			if (!expectedNonceSignature.equals(nonceTokens[1])) {
-				new BadCredentialsException(DigestAuthenticationFilter.this.messages
+				throw new BadCredentialsException(DigestAuthenticationFilter.this.messages
 						.getMessage("DigestAuthenticationFilter.nonceCompromised",
 								new Object[] { nonceAsPlainText },
 								"Nonce token compromised {0}"));