do not use IllegalArgumentException for parameter validation

scm-webapp/src/main/java/sonia/scm/api/v2/resources/AuthenticationRequestDto.java

@@ -1,7 +1,6 @@
 package sonia.scm.api.v2.resources;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
-import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 
 import javax.ws.rs.FormParam;
@@ -45,9 +44,8 @@ public class AuthenticationRequestDto {
     return scope;
   }
 
-  public void validate() {
-    Preconditions.checkArgument(!Strings.isNullOrEmpty(grantType), "grant_type parameter is required");
-    Preconditions.checkArgument(!Strings.isNullOrEmpty(username), "username parameter is required");
-    Preconditions.checkArgument(!Strings.isNullOrEmpty(password), "password parameter is required");
+  public boolean isValid() {
+    // password is currently the only valid grant_type
+    return "password".equals(grantType) && !Strings.isNullOrEmpty(username) && !Strings.isNullOrEmpty(password);
   }
 }

scm-webapp/src/main/java/sonia/scm/api/v2/resources/AuthenticationResource.java

@@ -29,7 +29,7 @@ public class AuthenticationResource {
 
   private static final Logger LOG = LoggerFactory.getLogger(AuthenticationResource.class);
 
-  public static final String PATH = "v2/auth";
+  static final String PATH = "v2/auth";
 
   private final AccessTokenBuilderFactory tokenBuilderFactory;
   private final AccessTokenCookieIssuer cookieIssuer;
@@ -81,7 +81,9 @@ public class AuthenticationResource {
     HttpServletResponse response,
     AuthenticationRequestDto authentication
   ) {
-    authentication.validate();
+    if (!authentication.isValid()) {
+      return Response.status(Response.Status.BAD_REQUEST).build();
+    }
 
     Response res;
     Subject subject = SecurityUtils.getSubject();