CODEWITHSUNDEEP
javaspringspring-boot
DanielJ
DanielJ

Reputation: 769

Packaged Spring boot application doesnt resolve rest api errors to a message

I have a spring boot application where I am currently running it with mvnw spring-boot:run I have setup a custom exception like so

@ResponseStatus(value = HttpStatus.BAD_REQUEST)
public class InvalidEntityException extends Exception {

    public InvalidEntityException() {
        super();
    }

    public InvalidEntityException(String message) {
        super(message);
    }

    public InvalidEntityException(String message, Throwable cause) {
        super(message, cause);
    }

    public InvalidEntityException(Throwable cause) {
        super(cause);
    }
}

In a method in a rest controller I can throw this exception and in the Spring Boot logs I can see Resolved [foo.bar.InvalidEntityException: Error message.]

And in the JSON response my data looks like this:

error: "Bad Request"
message: "Error message"
path: "/resource/request"
status: 400
timestamp: "2021-06-06T04:12:39.759+00:00"

However, when I go and run mvn clean package and run my output .jar file using java -jar out.jar and call a method on this controller, I no longer see the message Resolved [foo.bar.InvalidEntityException: Error message.] and my JSON response looks like this, with the message missing.

error: "Bad Request"
message: ""
path: "/resource/request"
status: 400
timestamp: "2021-06-06T04:12:39.759+00:00"

What is the difference between running my springboot application from mvnw spring-boot:run to running the .jar? I want the same behaviour where error messages are resolved

Upvotes: 2

Views: 605

Answers (1)

Andy Wilkinson
Andy Wilkinson

Reputation: 116111

I suspect that you are using Spring Boot’s devtools module. It is designed to make application development easier and is automatically disabled when running your application as a packaged jar.

Devtools sets spring.mvc.log-resolved-exception to true. This causes Resolved [foo.bar.InvalidEntityException: Error message.] to be logged.

Devtools also sets server.error.include-message to ALWAYS. This causes the exception message to be included in the error response. In a non-development environment, you should set this property with caution. You need to be certain that none of your application’s exception messages will leak information that you would not want a malicious client to see.

Upvotes: 2

Related Questions