Fix 500 error for keycloak NotFoundException

Check for a NotFoundException in the KeycloakAuthenticationFilter and
return a 404 if one is thrown.

repository/src/main/java/de/acosix/alfresco/keycloak/repo/authentication/KeycloakAuthenticationFilter.java

@@ -45,6 +45,7 @@ import org.alfresco.repo.webdav.auth.AuthenticationDriver;
 import org.alfresco.repo.webdav.auth.BaseAuthenticationFilter;
 import org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter;
 import org.alfresco.rest.api.PublicApiTenantWebScriptServletRuntime;
+import org.alfresco.rest.framework.core.exceptions.NotFoundException;
 import org.alfresco.util.PropertyCheck;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
@@ -310,6 +311,10 @@ public class KeycloakAuthenticationFilter extends BaseAuthenticationFilter
                     this.keycloakDeployment.getAuthServerBaseUrl());
         }
 
+        // Wrap the call to checkForSkipCondition in a try-catch in order to catch any NotFoundExceptions
+        // and set the status on the response to a 404. This prevents the return of 500 errors which security
+        // scanning determines is a security finding.
+        try {
             final boolean skip = !keycloakDeploymentReady || this.checkForSkipCondition(context, req, res);
 
             if (skip)
@@ -327,6 +332,12 @@ public class KeycloakAuthenticationFilter extends BaseAuthenticationFilter
                     chain.doFilter(request, response);
                 }
             }
+
+        } catch (NotFoundException nfex) {
+            LOGGER.debug("Not Found Exception was returned while handling KeyCloak auth!", nfex);
+            res.setStatus(HttpServletResponse.SC_NOT_FOUND);
+        }
+
     }
 
     /**