Robert Strauch

Reputation: 12876

Exception message not included in response when throwing ResponseStatusException in Spring Boot

My Spring Boot application provides the following REST controller:

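import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController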
@RequestMapping("/api/verify")
public class VerificationController {

    final VerificationService verificationService;

    Logger logger = LoggerFactory.getLogger(VerificationController.class);

    public VerificationController(VerificationService verificationService) {
        this.verificationService = verificationService;
    }

    @GetMapping
    public void verify(
            @RequestParam(value = "s1") String s1,
            @RequestParam(value = "s2") String s2) {
        try {
            verificationService.validateFormat(s1, s2);
        } catch (InvalidFormatException e) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, e.getMessage());
        }
    }
}

In case validateFormat() throws the InvalidFormatException, the client gets an HTTP 400, which is correct. The default JSON response body, however, looks like this:

{
    "timestamp": "2020-06-18T21:31:34.911+00:00",
    "status": 400,
    "error": "Bad Request",
    "message": "",
    "path": "/api/verify"
}

The message value is always empty even if I hard-code it like this:

throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "some string");

This is the exception class:

public class InvalidFormatException extends RuntimeException {

    public InvalidFormatException(String s1, String s2) {
        super(String.format("Invalid format: [s1: %s, s2: %s]", s1, s2));
    }
}

Upvotes: 51

Views: 16521

Answers (2)

michal.jakubeczy

Reputation: 9459

Setting server.error.include-message=always discloses messages of internal exceptions, and this might be a problem in a production environment.

An alternative approach is to use ExceptionHandler. Here you can control what is transferred to the client:

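import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.server.ResponseStatusException;

@ControllerAdvice
public class GlobalExceptionHandler {
    @ExceptionHandler(ResponseStatusException.class)
    public ResponseEntity<String> handleBadRequestException(ResponseStatusException ex) {
        // if you want you can do some extra processing with message and status of an exception
        // or you can return it without any processing like this:
        return new ResponseEntity<>(ex.getMessage(), ex.getStatus());
    }
}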

Upvotes: 7
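
An added example (not from either answer and not Spring's own code) of the handler approach, assuming Spring Boot 2.3 on Spring MVC. It returns the developer-chosen reason of a ResponseStatusException to the client, while any other exception is logged server-side and answered with a generic message; the class name ApiErrorHandler, the errorId field and the choice to hide 5xx reasons are assumptions of the example.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.server.ResponseStatusException;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;

// Extending ResponseEntityExceptionHandler keeps Spring MVC's own statuses (e.g. 400 for a missing s1/s2).
@RestControllerAdvice
public class ApiErrorHandler extends ResponseEntityExceptionHandler { // hypothetical class name

    private static final Logger log = LoggerFactory.getLogger(ApiErrorHandler.class);

    // The reason of a ResponseStatusException is text the developer chose for the client,
    // so it is returned as the "message" field that the default error body leaves empty.
    @ExceptionHandler(ResponseStatusException.class)
    public ResponseEntity<Map<String, Object>> handleStatus(ResponseStatusException ex) {
        HttpStatus status = ex.getStatus();
        // Assumed policy: 5xx reasons tend to wrap internal failures, so they are not echoed.
        String message = status.is5xxServerError() ? status.getReasonPhrase() : ex.getReason();
        return body(status, message, null);
    }

    // Anything else is unexpected: keep the details in the server log and give the client
    // only an opaque id that support staff can match against that log entry.
    @ExceptionHandler(Exception.class)
    public ResponseEntity<Map<String, Object>> handleUnexpected(Exception ex) {
        String errorId = UUID.randomUUID().toString();
        log.error("Unhandled exception, errorId={}", errorId, ex);
        return body(HttpStatus.INTERNAL_SERVER_ERROR, "Internal error", errorId);
    }

    private static ResponseEntity<Map<String, Object>> body(HttpStatus status, String message, String errorId) {
        Map<String, Object> json = new LinkedHashMap<>();
        json.put("status", status.value());
        json.put("error", status.getReasonPhrase());
        json.put("message", message == null ? "" : message);
        if (errorId != null) {
            json.put("errorId", errorId);
        }
        return ResponseEntity.status(status).body(json);
    }
}
```

With this advice in place server.error.include-message can stay at its default, because the message field is filled only from the two handlers above.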

Robert Strauch

Reputation: 12876

This behavior has changed with Spring Boot 2.3 and is intentional. See release notes for details.

Setting server.error.include-message=always in the application.properties resolves this issue.

Upvotes: 97
