How to set custom response in Servlet Filter on Spring Boot 3? (Response seems to be replaced later)

460 views Asked by At

I have this Filter class in Spring Boot 3:

@Component
public class AcknowledgeFilter implements jakarta.servlet.Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // does not work
        ((HttpServletResponse) response).sendError(500, "my-error-message");

        // does not work
        // response.getWriter().write("my-error-message");
        // response.getWriter().flush();
        // or response.getWriter().close();

        // does not work either
        response.getOutputStream().write("my-error-message".getBytes());
        return;
    }
}

The method returns without calling chain.doFilter() but just with setting the error response, the proper HTTP code is returned (500 or 404, ...) but never the response message I set (here "my-error-message"). I always get an JSON response like:

{
  "timestamp": "2023-10-17T15:05:12.825+00:00",
  "status": 500,
  "error": "Internal Server Error",
  "path": "/api/myrequest/path"
}

Where does this message come from and how can I overwrite it?

Update

I turned on debug logging

o.s.security.web.FilterChainProxy        : Secured GET /api/order/last?customerNumber=123

o.a.c.c.C.[Tomcat].[localhost]           : Processing ErrorPage[errorCode=0, location=/api/error]
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
o.s.security.web.FilterChainProxy        : Securing GET /api/error?customerNumber=123
o.s.security.web.FilterChainProxy        : Secured GET /api/error?customerNumber=123
o.s.web.servlet.DispatcherServlet        : "ERROR" dispatch for GET "/api/error?customerNumber=123", parameters={masked}
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
c.a.c.c.c.EndpointLoggingInterceptor     : Endpoint /api/error called
s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)

This shows, that after the error is returned, it is processed by the BasicErrorController. It seems to be necessary, to register a custom ErrorController.

2

There are 2 answers

0
Datz On BEST ANSWER

My solution was to overwrite Spring Boots BaseErrorController:

import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.boot.autoconfigure.web.ErrorProperties;
import org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController;
import org.springframework.boot.web.servlet.error.DefaultErrorAttributes;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.ObjectUtils;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("${server.error.path:${error.path:/error}}")
public class ErrorController extends BasicErrorController {
    public ErrorController() {
        super(new DefaultErrorAttributes(), new ErrorProperties());
    }

    @Override
    @RequestMapping
    public ResponseEntity error(HttpServletRequest request) {
        final String message = (String) request.getAttribute(RequestDispatcher.ERROR_MESSAGE);
        if (!ObjectUtils.isEmpty(message)) {
            final HttpStatus status = getStatus(request);
            final HttpHeaders headers = new HttpHeaders();
            headers.setContentType(MediaType.APPLICATION_JSON);
            return new ResponseEntity<>(message, headers, status);
        }
        return super.error(request);
    }
}

This is certainly not perfect, but was a quick solution that works.

1
4EACH On

I suggest you to use @ControllerAdvice

Here is an example

public class CustomException extends RuntimeException {
    public CustomException(String message) {
        super(message);
    }
}

@RestController
@RequestMapping("/example")
public class ExampleController {

    @GetMapping("/error")
    public String triggerError() {
        throw new CustomException("This is a custom exception message.");
    }

    @GetMapping("/ok")
    public String ok() {
        return "Everything is fine.";
    }
}

Based on this code, you can create controller advisor that will catch your response and transit to your needs

@ControllerAdvice
public class GlobalExceptionHandler {

    @ExceptionHandler(CustomException.class)
    @ResponseBody
    public ResponseEntity<SomeObject> handleCustomException(CustomException e) {
        return new ResponseEntity<>(SomeObject.builder().message(e.getMessage()).build(), HttpStatus.INTERNAL_SERVER_ERROR); // you can build your 
    }

    // You can add more exception handlers for other types of exceptions here.

    // You can also define global model attributes here using @ModelAttribute.
}

Use Lombok library for builder creation