How to combine Spring Web Flow, Spring Security and a HandlerExceptionResolver such as SimpleMappingExceptionResolver?

I have a SimpleMappingExceptionResolver to redirect every unhandled exception.

@Bean
public SimpleMappingExceptionResolver exceptionResolver() {
    SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver();
    resolver.setDefaultErrorView("general-error");
    resolver.setWarnLogCategory(TamponException.class.getName());
    return resolver;
}

      

Once I implemented Spring Security, I realized I needed to exclude AccessDeniedException:

resolver.setExcludedExceptions(AccessDeniedException.class);

      

I am now implementing Spring Web Flow. SWF wraps those core AccessDeniedExceptions in FlowExecutionException. This combination breaks Spring Security, as those wrapped exceptions are now caught by SimpleMappingExceptionResolver. I could exclude FlowExecutionException as well, but that's not what I want.

What is the correct way to solve this problem?

My next step would be to implement a HandlerExceptionResolver which delegates resolveException() only if the unwrapped exception is not an AccessDeniedException. But I'm wondering if there is something out of the box for a combination of SWF, Security, and HandlerExceptionResolver.

+3
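
The approach the question proposes (delegate only when the unwrapped exception is not an AccessDeniedException), sketched as an added example that is not part of the original post or of Spring itself. The class name `SecurityAwareExceptionResolver` is hypothetical, the `javax.servlet` imports assume Spring 5 or earlier, and letting AuthenticationException through as well goes one step beyond the question's case.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;   // jakarta.servlet.* on Spring 6+
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

/**
 * Hypothetical class (added example). Behaves like SimpleMappingExceptionResolver,
 * but declines to resolve any exception whose cause chain contains a Spring
 * Security exception, e.g. an AccessDeniedException wrapped by Spring Web Flow.
 */
public class SecurityAwareExceptionResolver extends SimpleMappingExceptionResolver {

    @Override
    protected ModelAndView doResolveException(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex) {
        if (hasSecurityCause(ex)) {
            // null means "not resolved": the DispatcherServlet rethrows and the
            // exception reaches Spring Security's ExceptionTranslationFilter.
            return null;
        }
        return super.doResolveException(request, response, handler, ex);
    }

    /** Walks the getCause() links; the identity set guards against cyclic chains. */
    static boolean hasSecurityCause(Throwable t) {
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        for (Throwable c = t; c != null && seen.add(c); c = c.getCause()) {
            if (c instanceof AccessDeniedException || c instanceof AuthenticationException) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: RuntimeException stands in for SWF's wrapper exception.
        Exception wrapped = new RuntimeException("flow failed", new AccessDeniedException("denied"));
        System.out.println(hasSecurityCause(wrapped));                  // security cause found
        System.out.println(hasSecurityCause(new RuntimeException("x"))); // no security cause
    }
}
```

Returning this class from the `exceptionResolver()` bean method keeps the default error view for everything else, and the `setExcludedExceptions(AccessDeniedException.class)` call is then no longer needed.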




1 answer


I am using a configuration similar to yours with Spring Web Flow and Spring Security. For exception handling I am using Web Flow's own handling instead of SimpleMappingExceptionResolver, and it works very well for me.

First you need a global XML flow that handles exceptions; this flow will be used as the "parent" of all your other flows. Or you can also directly include the global transition and view state in your flows:

<?xml version="1.0" encoding="UTF-8"?>
<flow xmlns="http://www.springframework.org/schema/webflow"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/webflow
      http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd"
      abstract="true">

    <persistence-context/>

    <view-state id="generalException" view="../views/exception/generalException.xhtml">
        <on-entry>
            <evaluate expression="exceptionManager.extractMessages(flowExecutionException, rootCauseException)" result="viewScope.exc"/>
        </on-entry>
    </view-state>

    <global-transitions>
        <transition on-exception="java.lang.Exception" to="generalException"/>
    </global-transitions>

</flow>

      

The ExceptionManager class is only used to format the exception in a readable way, especially, in my case, BatchUpdateException, which needs the getNextException() method to be called to find the source of the exception:



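import java.sql.BatchUpdateException;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;

import org.springframework.stereotype.Service;

// Formats an exception and its root cause into strings for the error view.
@Service("exceptionManager")
public class ExceptionManagerImpl {

    public Map<String, String> extractMessages(Exception e, Exception root)
    {
        Map<String, String> out = new HashMap<String, String>();

        out.put("exc_message", e.getClass().toString() + ": " + e.getMessage());
        out.put("exc_details", formatStackTrace(e.getStackTrace()));
        out.put("root_message", root.getClass().toString() + ": " + root.getMessage());
        out.put("root_details", formatStackTrace(root.getStackTrace()));
        if (root instanceof BatchUpdateException)
        {
            // The underlying cause is chained behind getNextException(); it may be null.
            SQLException next = ((BatchUpdateException) root).getNextException();
            if (next != null)
            {
                out.put("batch_message", next.getClass().toString() + ": " + next.getMessage());
            }
        }

        return out;
    }

    // Joins the stack frames with <br/> so the view can render one frame per line.
    public String formatStackTrace(StackTraceElement[] elements)
    {
        StringBuilder out = new StringBuilder();
        for (StackTraceElement ste : elements)
            out.append(ste.toString()).append("<br/>");
        return out.toString();
    }
}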

      

This way, any unhandled exception will show up in the JSF page, or whatever you use for views. AccessDeniedException usually gets through Spring Security on my system with this implementation. You can also specify different types of behavior for different exceptions.

I hope this helps, have a good time,

Mattia

+2

