getReport throws SecurityException when getting a report that doesn't exist

[mgencur]

The operation will return null as expected but on server side a SecurityException is thrown. This is different from e.g. getTest which will return a response with Content-Length: 0 (and no security exception is thrown on server side) and the status code is HttpStatus.SC_NOT_FOUND.

This is probably happening because AuthorizationServiceBean#isUserAuthorizedForReport can't get the report (because it doesn't exist anymore) and properly check permissions, so it returns false and this results in the SecurityException.

The question is whether we want to give the user information about the existence of the report by returning SC_NOT_FOUND or hide this info by throwing this security exception even if the report doesn't exist.