Remove exception from api key verification

This removes repeated exceptions from the api key service when checking requests without an api key. Despite of throwing an exception, the service now simply returns `null`, when the authentication was not successful.

Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>

scm-webapp/src/main/java/sonia/scm/security/ApiKeyRealm.java

@@ -85,8 +85,9 @@ public class ApiKeyRealm extends AuthenticatingRealm {
       token instanceof BearerToken || token instanceof UsernamePasswordToken,
       "%s is required", BearerToken.class);
     String password = getPassword(token);
-    ApiKeyService.CheckResult check = apiKeyService.check(password);
-    return buildAuthenticationInfo(token, check);
+    return apiKeyService.check(password)
+      .map(check -> buildAuthenticationInfo(token, check))
+      .orElse(null);
   }
 
   private AuthenticationInfo buildAuthenticationInfo(AuthenticationToken token, ApiKeyService.CheckResult check) {

scm-webapp/src/main/java/sonia/scm/security/ApiKeyService.java

@@ -43,6 +43,7 @@ import sonia.scm.user.UserPermissions;
 import javax.inject.Inject;
 import java.security.SecureRandom;
 import java.util.Collection;
+import java.util.Optional;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.function.Supplier;
@@ -127,9 +128,8 @@ public class ApiKeyService {
     });
   }
 
-  CheckResult check(String tokenAsString) {
-    return check(tokenHandler.readToken(tokenAsString)
-      .orElseThrow(AuthorizationException::new));
+  Optional<CheckResult> check(String tokenAsString) {
+    return tokenHandler.readToken(tokenAsString).map(this::check);
   }
 
   private CheckResult check(ApiKeyTokenHandler.Token token) {