There seems to be no way to handle ServletException caused by URI parsing failures in dropwizard(using version 2.0.18).
curl -i -s -k -X $'GET' $'https://localhost/api/search/query?searchString=%bf'
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 06 May 2021 09:17:06 GMT
Content-Type: text/html;charset=iso-8859-1
Content-Length: 751
Connection: keep-alive
Cache-Control: must-revalidate,no-cache,no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 400 Unable to parse URI query</title>
</head>
<body><h2>HTTP ERROR 400 Unable to parse URI query</h2>
<table>
<tr><th>URI:</th><td>/search/query</td></tr>
<tr><th>STATUS:</th><td>400</td></tr>
<tr><th>MESSAGE:</th><td>Unable to parse URI query</td></tr>
<tr><th>SERVLET:</th><td>jersey</td></tr>
<tr><th>CAUSED BY:</th><td>javax.servlet.ServletException: Filtered request failed.</td></tr>
<tr><th>CAUSED BY:</th><td>org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query</td></tr>
<tr><th>CAUSED BY:</th><td>org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte Bf in state 0</td></tr>
</table>
</body>
</html>
Main concern here is jetty is sending the stacktrace for exception, which can be a security concern.
Tried ExceptionMappers, but it's not working, as i think the exception is thrown from outside the application scope. How can this be avoided?