diff --git a/src/main/java/org/olat/ldap/ui/LDAPAuthenticationController.java b/src/main/java/org/olat/ldap/ui/LDAPAuthenticationController.java
index 6c8c16d3e78509baf94b2dc21dffc4a6d9a3c3bc..0cfde5a48bd9d831def6bcfc4cb226f758a504f0 100644
--- a/src/main/java/org/olat/ldap/ui/LDAPAuthenticationController.java
+++ b/src/main/java/org/olat/ldap/ui/LDAPAuthenticationController.java
@@ -44,6 +44,7 @@ import org.olat.core.id.Identity;
 import org.olat.core.id.context.ContextEntry;
 import org.olat.core.id.context.StateEntry;
 import org.olat.core.logging.OLATRuntimeException;
+import org.olat.core.logging.OLATSecurityException;
 import org.olat.core.util.StringHelper;
 import org.olat.core.util.UserSession;
 import org.olat.core.util.Util;
@@ -113,7 +114,9 @@ public class LDAPAuthenticationController extends AuthenticationController imple
 	
 	protected void openChangePassword(UserRequest ureq, String initialEmail) {
 		// double-check if allowed first
-		if (!UserModule.isPwdchangeallowed(ureq.getIdentity()) || !LDAPLoginModule.isPropagatePasswordChangedOnLdapServer())
+		if (!UserModule.isPwdchangeallowed(ureq.getIdentity()) || !LDAPLoginModule.isPropagatePasswordChangedOnLdapServer()) {
+			throw new OLATSecurityException("chose password to be changed, but disallowed by config");
+		}
 
 		removeAsListenerAndDispose(cmc);
 		removeAsListenerAndDispose(subController);
diff --git a/src/main/java/org/olat/login/OLATAuthenticationController.java b/src/main/java/org/olat/login/OLATAuthenticationController.java
index 0f1bcaba67a5db868ad28f031cd554a3362fcc0b..f21dd1cb83ac1e04eddc266348083ae1fb7ba03b 100644
--- a/src/main/java/org/olat/login/OLATAuthenticationController.java
+++ b/src/main/java/org/olat/login/OLATAuthenticationController.java
@@ -151,7 +151,9 @@ public class OLATAuthenticationController extends AuthenticationController imple
 	
 	protected void openChangePassword(UserRequest ureq, String initialEmail) {
 		// double-check if allowed first
-		if (!UserModule.isPwdchangeallowed(ureq.getIdentity())) throw new OLATSecurityException("chose password to be changed, but disallowed by config");
+		if (!UserModule.isPwdchangeallowed(ureq.getIdentity())) {
+			throw new OLATSecurityException("chose password to be changed, but disallowed by config");
+		}
 
 		removeAsListenerAndDispose(cmc);
 		removeAsListenerAndDispose(subController);