HandlerExceptionResolver in exception handler doesn't work
thank you for your time. I use Spring boot 3.4.0 and I want to throw an exception in filter, but it doesn't work...
Everything is correct according to the breakpoints and logs, but my response body is empty.
The filter:
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Autowired
@Qualifier("handlerExceptionResolver")
private HandlerExceptionResolver resolver;
@Override
protected void doFilterInternal(
HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
String token = request.getHeader("Authorization");
try {
if (token.startsWith("Basic ")) {
String codeId = request.getParameter("codeId");
String text = request.getParameter("text");
CaptchaCode captchaCode = new CaptchaCode(codeId, text, null);
captchaCodeApplicationService.isCoptchaCodeValid(captchaCode);
}
...
} catch (ValidationException e) {
resolver.resolveException(request, response, null, e);
}
}
}
The advice:
@RestControllerAdvice
public class GlobalExceptionHandler {
@ExceptionHandler(ValidationException.class)
public ResponseEntity<?> handlerValidationException(ValidationException e, WebRequest request) {
ExceptionDetails details = new ExceptionDetails(
LocalDateTime.now(),
HttpStatus.BAD_REQUEST.name(),
request.getDescription(false),
e.getMessage()
);
return new ResponseEntity<>(details, HttpStatus.BAD_REQUEST);
}
}
The securityConfig:
@Configuration
@EnableWebSecurity
public class SecuirtyConfig {
@Autowired
UserApplicationService userApplicationService;
@Autowired
private JwtAuthenticationFilter jwtFilter;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity.authorizeHttpRequests(registry -> {
registry.requestMatchers("/api/v1/auth/**").permitAll();
registry.requestMatchers("/api/v1/users/**").permitAll();
registry.anyRequest().authenticated();
}).formLogin(formLogin -> formLogin.permitAll())
.csrf(httpSecurityCsrfConfig -> httpSecurityCsrfConfig.disable())
.cors(httpSecurityCorsConfig -> httpSecurityCorsConfig.disable())
.sessionManagement(httpSecuritySessionConfig -> httpSecuritySessionConfig.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.httpBasic(Customizer.withDefaults())
.build();
}
@Bean
public AuthenticationProvider authenticationProvider() throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userApplicationService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public AuthenticationManager authenticationManager() throws Exception {
return new ProviderManager(authenticationProvider());
}
@Bean
public PasswordEncoder passwordEncoder() throws Exception {
return new BCryptPasswordEncoder();
}
}
And the method that throws exception:
public boolean isCoptchaCodeValid(CaptchaCode captchaCode) throws ValidationException {
...
}
And the response:
Solution
I quick test with the below code, gives me this body:
{"now":"2024-12-20T14:53:02.339526733","name":"BAD_REQUEST","description":"uri=/backend-spring-boot/graphiql","message":"Invalid token"}
ExceptionDetails
import java.time.LocalDateTime;
public record ExceptionDetails(
LocalDateTime now,
String name,
String description,
String message) {
}
JwtAuthenticationFilter
import jakarta.servlet.FilterChain;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Autowired
@Qualifier("handlerExceptionResolver")
private HandlerExceptionResolver resolver;
@Override
protected void doFilterInternal(
@NonNull HttpServletRequest request,
@NonNull HttpServletResponse response,
@NonNull FilterChain filterChain) {
try {
throw new ValidationException("Invalid token");
} catch (ValidationException e) {
resolver.resolveException(request, response, null, e);
}
}
}
ValidationException
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;
@ResponseStatus(HttpStatus.BAD_REQUEST)
public class ValidationException extends RuntimeException {
public ValidationException(String message) {
super(message);
}
}
Update Added my security config (relevant parts)
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.csrf(AbstractHttpConfigurer::disable)
.cors(Customizer.withDefaults())
.formLogin(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/graphiql","/graphql").permitAll()
.requestMatchers("/error").permitAll()
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
.build();
}
- Spring Boot 2.7.18 compatibility issue with spring-cloud
- Caused by: java.lang.ClassNotFoundException: org.springframework.boot.context.properties.ConfigurationBeanFactoryMetadata
- not able to mock functional interface when testing controller and functional interface is being called from controller
- Upgrading to Spring Boot 3/ JDK 17/ Spring 6 - JAXB conflict issue IllegalAnnotationsException
- Connecting to AxonServer node failed: UNAVAILABLE: Network closed for unknown reason
- How do I force a Spring Boot JVM into UTC time zone?
- Set chunksize dynamically after fetching from db
- How to access a value defined in the application.properties file in Spring Boot
- GET Request Returning Empty Object in SpringBoot
- How to start up spring-boot application via command line?
- How to add custom ApplicationContextInitializer to a spring boot application?
- OpenAPI vs swagger
- Spring Boot Java Config Set Session Timeout
- Spring Boot 3.4.0 An error occurred while attempting to decode the Jwt: Unable to obtain X509Certificate from current request
- How to run Swagger 3 on Spring Boot 3
- Spring boot + React JS Reset password implementation
- Component scan for configuration class could not be used with conditions in REGISTER_BEAN
- Failed to load ApplicationContext for [WebMergedContextConfiguration@7f5614f9 testClass = com.proj.my.controller.OrderControllerTest,
- No primary or default constructor found for interface java.util.List Rest API Spring boot
- Feign client and Spring retry
- How do you implement swagger ui into a Spring Boot 3.4 project
- parse Json in Java -> INCLUDE_SOURCE_IN_LOCATION` disabled
- Springboot with Spring-cloud-aws and cloudwatch metrics
- NullPointerException Problem when trying to mock Elastic Search's RestHighLevelClient
- Transaction management of JPA and external API calls
- How to extends PostgreSQL dialect to add support for some custom column type? No type mapping for org.hibernate.type.SqlTypes code: 1111 (OTHER)
- How do I enable CORS headers in the Swagger /v2/api-docs offered by Springfox Swagger?
- Springboot Oauth2 Principal object
- Use Keycloak Spring Adapter with Spring Boot 3
- JPA query for deleting relations