move auth chack to top of route handler

ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java

@@ -49,21 +49,24 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
     @Path("export/{group_id}")
     @Produces(MediaType.APPLICATION_JSON)
     public Response exportKeys(@PathParam("group_id") String groupId) {
+        try {
+            AuthHelper.getAuth(
+                    session,
+                    authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
+        } catch (Exception e) {
+            System.err.println(e);
+            return Response.status(401, e.getMessage()).build();
+        }
+
         UserProvider userProvider = session.users();
         UserProfileProvider profileProvider = session.getProvider(UserProfileProvider.class);
         UPConfig upconfig = profileProvider.getConfiguration();
-
         List<String> attributeNames = upconfig.getAttributes()
                 .stream()
                 .filter(a -> a.getGroup() != null && a.getGroup().equals("de.ccc.hamburg.keycloak.ssh_key.keys"))
                 .map(a -> a.getName())
                 .toList();
 
-        try {
-            AuthHelper.getAuth(
-                    session,
-                    authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
-
         RealmModel realm = session.getContext().getRealm();
 
         // TODO: add allowlist check
@@ -89,10 +92,6 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
                 .toList();
 
         return Response.ok(Map.of("keys", keys)).build();
-        } catch (Exception e) {
-            System.err.println(e);
-            return Response.status(401, e.getMessage()).build();
-        }
 
     }