Create RequestRejectedFilter to handle RequestRejectedException

Spring firewall returns 500 when RequestRejectedException is thrown. The correct status code is 400.
This is going to be addressed by spring-projects/spring-security#7568

acceptance-test/src/acceptance-test/java/org/zalando/nakadi/webservice/InvalidRequestAT.java

@@ -0,0 +1,18 @@
+package org.zalando.nakadi.webservice;
+
+import org.apache.http.HttpStatus;
+import org.junit.Test;
+
+import static com.jayway.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.notNullValue;
+
+public class InvalidRequestAT {
+    @Test(timeout = 10000)
+    public void whenRequestRejectedExceptionThrownThenResponseIs400() {
+        given()
+                .when()
+                .get("//")
+                .then()
+                .statusCode(HttpStatus.SC_BAD_REQUEST);
+    }
+}

app/src/main/java/org/zalando/nakadi/filters/RequestRejectedFilter.java

@@ -0,0 +1,23 @@
+package org.zalando.nakadi.filters;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.security.web.firewall.RequestRejectedException;
+import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletResponse;
+
+@Aspect
+@Component
+public class RequestRejectedFilter {
+
+    @Around("execution(public void org.springframework.security.web.FilterChainProxy.doFilter(..))")
+    public void handleRequestRejectedException(ProceedingJoinPoint pjp) throws Throwable {
+        try {
+            pjp.proceed();
+        } catch (RequestRejectedException exception) {
+            HttpServletResponse response = (HttpServletResponse) pjp.getArgs()[1];
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+        }
+    }
+}