How to manage exceptions thrown in filters in Spring

Question

I want to use generic way to manage 5xx error codes  let s say specifically the case when the db is down across my whole spring application  I want a pretty error json instead of a stack trace    For the controllers I have a  ControllerAdvice class for the different exceptions and this is also catching the case that the db is stopping in the middle of the request  But this is not all  I also happen to have a custom CorsFilter extending OncePerRequestFilter and there when i call doFilter i get the CannotGetJdbcConnectionException and it will not be managed by the  ControllerAdvice  I read several things online that only made me more confused    So I have a lot of questions    Do i need to implement a custom filter  I found the ExceptionTranslationFilter but this only handles AuthenticationException or AccessDeniedException   I thought of implementing my own HandlerExceptionResolver  but this made me doubt  I don t have any custom exception to manage  there must be a more obvious way than this  I also tried to add a try catch and call an implementation of the HandlerExceptionResolver  should be good enough  my exception is nothing special  but this is not returning anything in the response  i get a status 200 and an empty body     Is there any good way to deal with this  Thanks

User · Answer

I come across this issue myself and I performed the steps below to reuse my ExceptionController that is annotated with @ControllerAdvise for Exceptions thrown in a registered Filter.

There are obviously many ways to handle exception but, in my case, I wanted the exception to be handled by my ExceptionController because I am stubborn and also because I don't want to copy/paste the same code (i.e. I have some processing/logging code in ExceptionController). I would like to return the beautiful JSON response just like the rest of the exceptions thrown not from a Filter.

{
  "status": 400,
  "message": "some exception thrown when executing the request"
}

Anyway, I managed to make use of my ExceptionHandler and I had to do a little bit of extra as shown below in steps:

Steps

You have a custom filter that may or may not throw an exception
You have a Spring controller that handles exceptions using @ControllerAdvise i.e. MyExceptionController

Sample code

//sample Filter, to be added in web.xml
public MyFilterThatThrowException implements Filter {
   //Spring Controller annotated with @ControllerAdvise which has handlers
   //for exceptions
   private MyExceptionController myExceptionController; 

   @Override
   public void destroy() {
        // TODO Auto-generated method stub
   }

   @Override
   public void init(FilterConfig arg0) throws ServletException {
       //Manually get an instance of MyExceptionController
       ApplicationContext ctx = WebApplicationContextUtils
                  .getRequiredWebApplicationContext(arg0.getServletContext());

       //MyExceptionHanlder is now accessible because I loaded it manually
       this.myExceptionController = ctx.getBean(MyExceptionController.class); 
   }

   @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        try {
           //code that throws exception
        } catch(Exception ex) {
          //MyObject is whatever the output of the below method
          MyObject errorDTO = myExceptionController.handleMyException(req, ex); 

          //set the response object
          res.setStatus(errorDTO .getStatus());
          res.setContentType("application/json");

          //pass down the actual obj that exception handler normally send
          ObjectMapper mapper = new ObjectMapper();
          PrintWriter out = res.getWriter(); 
          out.print(mapper.writeValueAsString(errorDTO ));
          out.flush();

          return; 
        }

        //proceed normally otherwise
        chain.doFilter(request, response); 
     }
}

And now the sample Spring Controller that handles Exception in normal cases (i.e. exceptions that are not usually thrown in Filter level, the one we want to use for exceptions thrown in a Filter)

//sample SpringController 
@ControllerAdvice
public class ExceptionController extends ResponseEntityExceptionHandler {

    //sample handler
    @ResponseStatus(value = HttpStatus.BAD_REQUEST)
    @ExceptionHandler(SQLException.class)
    public @ResponseBody MyObject handleSQLException(HttpServletRequest request,
            Exception ex){
        ErrorDTO response = new ErrorDTO (400, "some exception thrown when "
                + "executing the request."); 
        return response;
    }
    //other handlers
}

Sharing the solution with those who wish to use ExceptionController for Exceptions thrown in a Filter.

User · Answer

I wanted to provide a solution based on the answer of  kopelitsa  The main differences being    Reusing the controller exception handling by using the HandlerExceptionResolver  Using Java config over XML config     First  you need to make sure  that you have a class that handles exceptions occurring in a regular RestController Controller  a class annotated with  RestControllerAdvice or  ControllerAdvice and method s  annotated with  ExceptionHandler   This handles your exceptions occurring in a controller  Here is an example using the RestControllerAdvice    RestControllerAdvice public class ExceptionTranslator         ExceptionHandler RuntimeException class       ResponseStatus HttpStatus INTERNAL SERVER ERROR      public ErrorDTO processRuntimeException RuntimeException e            return createErrorDTO HttpStatus INTERNAL SERVER ERROR   An internal server error occurred    e              private ErrorDTO createErrorDTO HttpStatus status  String message  Exception e                            To reuse this behavior in the Spring Security filter chain  you need to define a Filter and hook it into your security configuration  The filter needs to redirect the exception to the above defined exception handling  Here is an example    Component public class FilterChainExceptionHandler extends OncePerRequestFilter        private final Logger log   LoggerFactory getLogger getClass           Autowired      Qualifier  handlerExceptionResolver       private HandlerExceptionResolver resolver        Override     protected void doFilterInternal HttpServletRequest request  HttpServletResponse response  FilterChain filterChain              throws ServletException  IOException            try               filterChain doFilter request  response             catch  Exception e                log error  Spring Security Filter Chain Exception    e               resolver resolveException request  response  null  e                       The created filter then needs to be added to the SecurityConfiguration  You need to hook it into the chain very early  because all preceding filter s exceptions won t be caught  In my case  it was reasonable to add it before the LogoutFilter  See the default filter chain and its order in the official docs  Here is an example    Configuration  EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter         Autowired     private FilterChainExceptionHandler filterChainExceptionHandler        Override     protected void configure HttpSecurity http  throws Exception           http              addFilterBefore filterChainExceptionHandler  LogoutFilter class

User · Answer

So  here s what I did based on an amalgamation of the above answers    We already had a GlobalExceptionHandler annotated with  ControllerAdvice and I also wanted to find a way to re-use that code to handle exceptions that come from filters   The simplest solution I could find was to leave the exception handler alone  and implement an error controller as follows    Controller public class ErrorControllerImpl implements ErrorController      RequestMapping   error     public void handleError HttpServletRequest request  throws Throwable       if  request getAttribute  javax servlet error exception      null          throw  Throwable  request getAttribute  javax servlet error exception                  So  any errors caused by exceptions first pass through the ErrorController and are re-directed off to the exception handler by rethrowing them from within a  Controller context  whereas any other errors  not caused directly by an exception  pass through the ErrorController without modification   Any reasons why this is actually a bad idea

User · Answer

When you want to test a state of application and in case of a problem return HTTP error I would suggest a filter  The filter below handles all HTTP requests  The shortest solution in Spring Boot with a javax filter   In the implementation can be various conditions  In my case the applicationManager testing if the application is ready    import    ApplicationManager  import org springframework beans factory annotation Autowired  import org springframework stereotype Component   import javax servlet    import javax servlet http HttpServletResponse  import java io IOException    Component public class SystemIsReadyFilter implements Filter         Autowired     private ApplicationManager applicationManager        Override     public void init FilterConfig filterConfig  throws ServletException          Override     public void doFilter ServletRequest request  ServletResponse response  FilterChain chain  throws IOException  ServletException           if   applicationManager isApplicationReady                    HttpServletResponse  response  sendError HttpServletResponse SC SERVICE UNAVAILABLE   The service is booting               else               chain doFilter request  response                         Override     public void destroy

User · Answer

Just to complement the other fine answers provided  as I too recently wanted a single error exception handling component in a simple SpringBoot app containing filters that may throw exceptions  with other exceptions potentially thrown from controller methods     Fortunately  it seems there is nothing to prevent you from combining your controller advice with an override of Spring s default error handler to provide consistent response payloads  allow you to share logic  inspect exceptions from filters  trap specific service-thrown exceptions  etc     E g     ControllerAdvice  RestController public class GlobalErrorHandler implements ErrorController       ResponseStatus HttpStatus BAD REQUEST     ExceptionHandler ValidationException class    public Error handleValidationException        final ValidationException validationException        return new Error  400    Incorrect params       whatever         ResponseStatus HttpStatus INTERNAL SERVER ERROR     ExceptionHandler Exception class    public Error handleUnknownException final Exception exception        return new Error  500    Unexpected error processing request            RequestMapping   error     public ResponseEntity handleError final HttpServletRequest request        final HttpServletResponse response         Object exception   request getAttribute  javax servlet error exception            TODO  Logic to inspect exception thrown from Filters        return ResponseEntity badRequest   body new Error    whatever               Override   public String getErrorPath         return   error

User · Answer

This is my solution by overriding default Spring Boot  error handler  package com mypackage   import org slf4j Logger  import org slf4j LoggerFactory  import org springframework beans factory annotation Autowired  import org springframework boot autoconfigure web ErrorAttributes  import org springframework core annotation AnnotationUtils  import org springframework http HttpStatus  import org springframework http ResponseEntity  import org springframework util Assert  import org springframework web bind annotation RequestMapping  import org springframework web bind annotation ResponseStatus  import org springframework web bind annotation RestController  import org springframework web context request RequestAttributes  import org springframework web context request ServletRequestAttributes   import javax servlet http HttpServletRequest  import javax servlet http HttpServletResponse  import java util Map          This controller is vital in order to handle exceptions thrown in Filters       RestController  RequestMapping   error   public class ErrorController implements org springframework boot autoconfigure web ErrorController        private final static Logger LOGGER   LoggerFactory getLogger ErrorController class        private final ErrorAttributes errorAttributes        Autowired     public ErrorController ErrorAttributes errorAttributes            Assert notNull errorAttributes   ErrorAttributes must not be null            this errorAttributes   errorAttributes              Override     public String getErrorPath             return   error               RequestMapping     public ResponseEntity lt Map lt String  Object gt  gt  error HttpServletRequest aRequest  HttpServletResponse response            RequestAttributes requestAttributes   new ServletRequestAttributes aRequest           Map lt String  Object gt  result       this errorAttributes getErrorAttributes requestAttributes  false            Throwable error   this errorAttributes getError requestAttributes            ResponseStatus annotation       AnnotationUtils getAnnotation error getClass    ResponseStatus class           HttpStatus statusCode   annotation    null   annotation value     HttpStatus INTERNAL SERVER ERROR           result put  status   statusCode value             result put  error   statusCode getReasonPhrase              LOGGER error result toString             return new ResponseEntity lt  gt  result  statusCode

User · Answer

You can use the following method inside the catch block   response sendError HttpStatus UNAUTHORIZED value     Invalid token     Notice that you can use any HttpStatus code and a custom message

User · Answer

It s strange because  ControllerAdvice should works  are you catching the correct Exception    ControllerAdvice public class GlobalDefaultExceptionHandler         ResponseBody      ExceptionHandler value   DataAccessException class      public String defaultErrorHandler HttpServletResponse response  DataAccessException e  throws Exception          response setStatus HttpStatus INTERNAL SERVER ERROR value              Json return           Also try to catch this exception in CorsFilter and send 500 error  something like this   ExceptionHandler DataAccessException class   ResponseBody public String handleDataException DataAccessException ex  HttpServletResponse response        response setStatus HttpStatus INTERNAL SERVER ERROR value           Json return

User · Answer

You do not need to create a custom Filter for this   We solved this by creating custom exceptions that extend ServletException  which is thrown from the doFilter method  shown in the declaration   These are then caught and handled by our global error handler    edit  grammar

User · Answer

After reading through different methods suggested in the above answers  I decided to handle the authentication exceptions by using a custom filter  I was able to handle the response status and codes using an error response class using the following method   I created a custom filter and modified my security config by using the addFilterAfter method and added after the CorsFilter class    Component public class AuthFilter implements Filter    Override public void doFilter ServletRequest request  ServletResponse response  FilterChain chain  throws IOException  ServletException         Cast the servlet request and response to HttpServletRequest and HttpServletResponse     HttpServletResponse httpServletResponse    HttpServletResponse  response      HttpServletRequest httpServletRequest    HttpServletRequest  request          Grab the exception from the request attribute     Exception exception    Exception  request getAttribute  javax servlet error exception          Set response content type to application json     httpServletResponse setContentType MediaType APPLICATION JSON VALUE          check if exception is not null and determine the instance of the exception to further manipulate the status codes and messages of your exception     if exception  null  amp  amp  exception instanceof AuthorizationParameterNotFoundException           ErrorResponse errorResponse   new ErrorResponse exception getMessage    Authetication Failed             httpServletResponse setStatus HttpServletResponse SC UNAUTHORIZED           PrintWriter writer   httpServletResponse getWriter            writer write convertObjectToJson errorResponse            writer flush            return               If exception instance cannot be determined  then throw a nice exception and desired response code      else if exception  null               ErrorResponse errorResponse   new ErrorResponse exception getMessage    Authetication Failed                 PrintWriter writer   httpServletResponse getWriter                writer write convertObjectToJson errorResponse                writer flush                return                    else              proceed with the initial request if no exception is thrown              chain doFilter httpServletRequest httpServletResponse                    public String convertObjectToJson Object object  throws JsonProcessingException       if  object    null            return null            ObjectMapper mapper   new ObjectMapper        return mapper writeValueAsString object         SecurityConfig class       Configuration     public class JwtSecurityConfig extends WebSecurityConfigurerAdapter        Autowired     AuthFilter authenticationFilter       Override     protected void configure HttpSecurity http  throws Exception           http addFilterAfter authenticationFilter  CorsFilter class  csrf   disable                    cors                       return http                ErrorResponse class  public class ErrorResponse    private final String message  private final String description   public ErrorResponse String description  String message        this message   message      this description   description     public String getMessage         return message     public String getDescription         return description

User · Answer

So this is what I did   I read the basics about filters here and I figured out that I need to create a custom filter that will be first in the filter chain and will have a try catch to catch all runtime exceptions that might occur there  Then i need to create the json manually and put it in the response   So here is my custom filter   public class ExceptionHandlerFilter extends OncePerRequestFilter         Override     public void doFilterInternal HttpServletRequest request  HttpServletResponse response  FilterChain filterChain  throws ServletException  IOException           try               filterChain doFilter request  response             catch  RuntimeException e                    custom error response class used across my project             ErrorResponse errorResponse   new ErrorResponse e                response setStatus HttpStatus INTERNAL SERVER ERROR value                 response getWriter   write convertObjectToJson errorResponse                 public String convertObjectToJson Object object  throws JsonProcessingException           if  object    null                return null                    ObjectMapper mapper   new ObjectMapper            return mapper writeValueAsString object             And then i added it in the web xml before the CorsFilter  And it works     lt filter gt        lt filter-name gt exceptionHandlerFilter lt  filter-name gt        lt filter-class gt xx xxxxxx xxxxx api controllers filters ExceptionHandlerFilter lt  filter-class gt    lt  filter gt      lt filter-mapping gt        lt filter-name gt exceptionHandlerFilter lt  filter-name gt        lt url-pattern gt    lt  url-pattern gt    lt  filter-mapping gt     lt filter gt        lt filter-name gt CorsFilter lt  filter-name gt        lt filter-class gt org springframework web filter DelegatingFilterProxy lt  filter-class gt    lt  filter gt     lt filter-mapping gt       lt filter-name gt CorsFilter lt  filter-name gt       lt url-pattern gt    lt  url-pattern gt   lt  filter-mapping gt

User · Answer

If you want a generic way  you can define an error page in web xml    lt error-page gt     lt exception-type gt java lang Throwable lt  exception-type gt     lt location gt  500 lt  location gt   lt  error-page gt    And add mapping in Spring MVC    Controller public class ErrorController         RequestMapping value   500       public  ResponseBody String handleException HttpServletRequest req               you can get the exception thrown         Throwable t    Throwable req getAttribute  javax servlet error exception                customize response to what you want         return  Internal server error

[java] How to manage exceptions thrown in filters in Spring?

Examples related to java

Examples related to spring

Examples related to spring-security