Getting ConstraintViolationException to ExceptionHandler - spring-boot

I have a custom constraint validation done in my SpringBoot app (2.6.5) before an entity is persisted with JPA. When the validation causes a constraint violation the service used for persisting throws a TransactionSystemException. I can catch and format as needed this exception returned by REST API calls, with the following ExceptionHandler implementation:
#ControllerAdvice
public class RestResponseExceptionHandler extends ResponseEntityExceptionHandler {
#ExceptionHandler({ TransactionSystemException.class })
public ResponseEntity<Object> handleTransactionSystemException(TransactionSystemException tse, WebRequest request) {
List<String> errors = null;
if (tse.getCause() instanceof RollbackException) {
var rollBack = (RollbackException) tse.getCause();
if (rollBack.getCause() instanceof ConstraintViolationException) {
var violation = (ConstraintViolationException) rollBack.getCause();
errors = this.buildValidationErrors(violation.getConstraintViolations());
}
}
var msg = "{message: 'The entity to persist was invalid'";
if (errors != null) {
msg += ", errors: " + errors;
}
msg += "}";
return new ResponseEntity<>(msg, new HttpHeaders(), HttpStatus.BAD_REQUEST);
}
private List<String> buildValidationErrors(Set<ConstraintViolation<?>> violations) {
return violations
.stream()
.map(violation -> "{field: '" + violation.getPropertyPath() + "', error: '" + violation.getMessage() + "'}")
.collect(Collectors.toList());
}
}
All works fine, but I'd like to know if the nasty checking of instances of the underlying causes in exceptions could be done better?
Ultimately the nicest thing would be to remove the #ExceptionHandler({ TransactionSystemException.class }) and replace it with #ExceptionHandler({ ConstraintViolationException.class }).
Is there a (simple) way to prevent TransactionsystemException from happening in between and just bubble up the ConstraintViolationException as is (so it can be caught by the ExceptionHandler)?

Related

Moshi with Graal has all reflection registered but cannot map fields

I'm trying to use Moshi with GraalVM's native-image, and trying to get the reflection to work.
I have my class:
public class SimpleJson {
private String message;
public SimpleJson(String message) { this.message = message; }
public String getMessage() { return message; }
public void setMessage(String message) { this.message = message; }
}
and code
var simpleJsonJsonAdapter = moshi.adapter(SimpleJson.class);
var simpleJsonString = "{\"message\": \"hello there\"}";
var simpleJsonObj = simpleJsonJsonAdapter.fromJson(simpleJsonString);
var simpleJsonStringBack = simpleJsonJsonAdapter.toJson(simpleJsonObj);
System.out.println("Converting: " + simpleJsonString);
System.out.println("Simple json has message: " + simpleJsonObj.getMessage());
System.out.println("Simple message full json coming back is: " + simpleJsonStringBack);
which prints:
Converting: {"message": "hello there"}
Simple json has message: null
Simple message full json coming back is: {}
and this only works (by avoiding an exception with SimpleJson is instantiated reflectively but was never registered) with the following chunk of code, to get everything registered ready for reflection:
#AutomaticFeature
public class RuntimeReflectionRegistrationFeature implements Feature {
#Override
public void beforeAnalysis(BeforeAnalysisAccess access) {
try {
// Enable the moshi adapters
var moshiPkgs = "com.squareup.moshi";
// Standard shared models
var pkgs = "my.models";
// Register moshi
new ClassGraph()
.enableClassInfo()
.acceptPackages(moshiPkgs)
.scan()
.getSubclasses(JsonAdapter.class.getName())
.forEach(
classInfo -> {
System.out.println("Building moshi adapter class info for " + classInfo);
registerMoshiAdapter(classInfo.loadClass());
});
// Register everything we've got
new ClassGraph()
.enableClassInfo() // Scan classes, methods, fields, annotations
.acceptPackages(pkgs) // Scan package(s) and subpackages
.scan()
.getAllClasses()
.forEach(
classInfo -> {
System.out.println("Building class info for " + classInfo);
registerGeneralClass(classInfo.loadClass());
});
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
private void registerMoshiAdapter(Class<?> classInfo) {
try {
RuntimeReflection.register(classInfo);
Arrays.stream(classInfo.getMethods()).forEach(RuntimeReflection::register);
ParameterizedType superclass = (ParameterizedType) classInfo.getGenericSuperclass();
// extends JsonAdapter<X>()
var valueType = Arrays.stream(superclass.getActualTypeArguments()).findFirst();
if (valueType.isPresent() && valueType.get() instanceof Class) {
Arrays.stream(((Class<?>) valueType.get()).getConstructors())
.forEach(RuntimeReflection::register);
}
RuntimeReflection.register(classInfo.getConstructor(Moshi.class));
} catch (RuntimeException | NoSuchMethodException name) {
// expected
}
}
private void registerGeneralClass(Class<?> classInfo) {
try {
RuntimeReflection.register(classInfo);
Arrays.stream(classInfo.getDeclaredMethods()).forEach(RuntimeReflection::register);
Arrays.stream(classInfo.getDeclaredConstructors()).forEach(RuntimeReflection::register);
} catch (RuntimeException name) {
// expected
}
}
}
(inspired by this issue, although I believe that's trying to address MoshiAdapters generated which is a Kotlin only thing).
So, Java doesn't complain about reflection (which it was previously trying to do, hence the error message mentioned), but Moshi isn't actually doing anything.
Does anyone have any suggestions on how to work around this?
Note, I did try the manual reflect-config.json approach with
[
{
"allDeclaredClasses": true,
"queryAllDeclaredConstructors": true,
"queryAllPublicConstructors": true,
"name": "my.models.SimpleJson",
"queryAllDeclaredMethods": true,
"queryAllPublicMethods": true,
"allPublicClasses": true
}
}
but this resulted in error around Runtime reflection is not supported for... - also not good!
The solution was simple in the end... the registration just needed
Arrays.stream(classInfo.getDeclaredFields()).forEach(RuntimeReflection::register);
adding.

which exception to throw while creating a bank application (2 use cases) in Spring Rest?

I am currently working on some bank application where admin can create account for user .
so if user account exists already it should throw an exception so in that case which one is valid to use ? Here Preconditions belong to guava library
Preconditions.checkRequestState(user.getAccount == null) . if condition fails => throws IllegalStateException() //500
or
ServicePreconditions.checkRequestState(user.getAccount == null) if condition fails => throws MyConflictException() // 409
(custom exception i have created in rest-with-spring)
2nd use case => . if i want to withdaraw money from my account and balance is not sufficient . in that case which exception should be suitable that i have mentioned above .
Preconditions.checkRequestState(withdrawAmount <= totalAmount) if condition fails => throws IllegalStateException() //500
or
ServicePreconditions.checkRequestState(withdrawAmount <= totalAmount) if condition fails => throws MyConflictException() // 409
public final class ServicePreconditions {
public static void checkRequestState(final boolean expression) {
if (!expression) {
throw new MyConflictException();
}
}
}
// 409
#ExceptionHandler({InvalidDataAccessApiUsageException.class, DataAccessException.class, MyConflictException.class})
protected ResponseEntity<Object> handleConflict(final RuntimeException ex, final WebRequest request) {
final ApiError apiError = message(HttpStatus.CONFLICT, ex);
return handleExceptionInternal(ex, apiError, new HttpHeaders(), HttpStatus.CONFLICT, request);
}

How can I intercept and log errors that occur when hitting the TokenEndpoint?

Given the changes in the logging that were done in https://github.com/spring-projects/spring-security-oauth/issues/1271 and https://github.com/spring-projects/spring-security-oauth/issues/1290, I think it may be hard to please everyone with the logging that is present in the token endpoint. For instance, I would like to catch anything that falls to the simple #ExceptionHandler(Exception.class) to be an error statement with a log with a stack trace.
What would be the best way to intercept the exceptions that occur in the error endpoint, so that custom logging could be applied?
We can use override HandlerExceptionResolverComposite exception handler defined in WebMvcConfigurationSupport. This will composites all exception resolvers in into one exception resolver. We can then define your own exception resolvers.
One of the exception resolvers we can use is ExceptionHandlerExceptionResolver, this will enable AOP based exception handling by involving classes with #ControllerAdvice annotation.
In our custom controller advice, we can use handler for different exceptions:
#ExceptionHandler({OAuth2Exception.class})
public ResponseEntity<Object> handleOAuth2Exception(final OAuth2Exception exception, final WebRequest request) {
LOGGER.debug("OAuth failed on request processing", exception);
How we ended up solving this was using spring-aop. We simply intercepted the correct places and log an error message during it:
#Slf4j
#Aspect
#Component
public class OAuthErrorLoggingAspect {
private static final String ERROR_MESSAGE = "Error during token generation: ";
#Before("execution("
+ "public * "
+ "org.springframework.security.oauth2.provider.endpoint"
+ ".TokenEndpoint.handleException(Exception)) && args(ex))")
public void handleExceptionLogging(Exception ex) {
if (ex instanceof ClientAbortException) {
log.debug(ERROR_MESSAGE, ex);
} else {
log.error(ERROR_MESSAGE, ex);
}
}
#Before("execution("
+ "public * "
+ "org.springframework.security.oauth2.provider.endpoint"
+ ".TokenEndpoint.handleHttpRequestMethodNotSupportedException("
+ "org.springframework.web.HttpRequestMethodNotSupportedException)) && args(ex))")
public void handleHttpRequestMethodNotSupportedLogging(HttpRequestMethodNotSupportedException ex) {
log.debug(ERROR_MESSAGE, ex);
}
#Before("execution("
+ "public * "
+ "org.springframework.security.oauth2.provider.endpoint"
+ ".TokenEndpoint.handleClientRegistrationException("
+ "Exception)) && args(ex))")
public void handleClientRegistrationErrorLogging(Exception ex) {
log.debug(ERROR_MESSAGE, ex);
}
#Before("execution("
+ "public * "
+ "org.springframework.security.oauth2.provider.endpoint"
+ ".TokenEndpoint.handleException("
+ "org.springframework.security.oauth2.common.exceptions.OAuth2Exception)) && args(ex))")
public void handleOAuth2ExceptionLogging(OAuth2Exception ex) {
log.debug(ERROR_MESSAGE, ex);
}
}

GWT & Java EE SessionScoped bean not persisting

I'm playing w/ EE and want to persist a user session state. I have the session bean here:
#Stateful(mappedName = "UserSessionState")
#Named("UserSessionState")
#SessionScoped
#StatefulTimeout(value = 5, unit = TimeUnit.MINUTES)
public class UserSessionState implements Serializable
{
private boolean hasPlayerId = false;
private String playerId = "";
public void setRandomPlayerId()
{
playerId = UUID.uuid();
hasPlayerId = true;
}
public boolean hasPlayerId()
{
return hasPlayerId;
}
public String getPlayerId()
{
return playerId;
}
}
And a servlet here (GameState is an Application Scoped bean that is working as expected, CustomExtendedHttpServlet is just a simple extension of HttpServlet)
public class NewUserJoined extends CustomExtendedHttpServlet
{
#Inject
protected GameState gameState;
#Inject
protected UserSessionState user;
#Override
protected String doGetImpl(HttpServletRequest request, HttpServletResponse response, UserContext userLoginContext)
{
if (!user.hasPlayerId())
{
user.setRandomPlayerId();
}
String userId = user.getPlayerId();
if (!gameState.hasUser(userId))
{
gameState.addUser(userId, user);
return "Hi, your ID is: " + user.getPlayerId() + ", there are " + gameState.getUserCount() + " other players here";
}
else
{
return user.getPlayerId() + " you're already in the game, there are: " + gameState.getUserCount() + " other players here";
}
}
}
I'm not sure what's going on, but whenever I call the New User Joined servlet from the same HTTP session, I get this response on the first call (as expected):
"Hi, your ID is: , there are 1 other players here"
Repeating the same servlet call in the same session gives me the same message:
"Hi, your ID is: , there are 2 other players here"
...
It looks like a new instance of User Session State is getting created over and over. Am I doing this correctly?
EDIT 1: Here the code I use to send a request. It appears I'm getting a new session ID with each request, what could cause that?
RequestCallback callback = new RequestCallback()
{
#Override
public void onResponseReceived(Request request, Response response)
{
log(response.getText());
}
#Override
public void onError(Request request, Throwable exception)
{
log(
"Response Error | "
+ "Exception: " + exception);
}
};
RequestBuilder rb = new RequestBuilder(RequestBuilder.GET, SERVLET_URL);
rb.setCallback(callback);
try
{
rb.send();
}
catch (RequestException e)
{
log("Response Error | "
+ "Exception: " + e);
}
Figured out the issue,
Turns out I had an old workaround in the GWT client that was changing the host to get around a CORS issue. Because the response didn't match up to the origin, the cookie wasn't getting sent with future servlet GET calls.
Have you tried a call to request.getSession(true) to make sure an EE HTTPSession is established here?

Is it possible to set RetryPolicy in spring-retry based on HttpStatus status code?

Is it possible to set RetryPolicy in spring retry (https://github.com/spring-projects/spring-retry) based on error status code? e.g. I want to retry on HttpServerErrorException with HttpStatus.INTERNAL_SERVER_ERROR status code, which is 503. Therefore it should ignore all other error codes -- [500 - 502] and [504 - 511].
The RestTemplate has setErrorHandler option and DefaultResponseErrorHandler is the default one.
Its code looks like:
public void handleError(ClientHttpResponse response) throws IOException {
HttpStatus statusCode = getHttpStatusCode(response);
switch (statusCode.series()) {
case CLIENT_ERROR:
throw new HttpClientErrorException(statusCode, response.getStatusText(),
response.getHeaders(), getResponseBody(response), getCharset(response));
case SERVER_ERROR:
throw new HttpServerErrorException(statusCode, response.getStatusText(),
response.getHeaders(), getResponseBody(response), getCharset(response));
default:
throw new RestClientException("Unknown status code [" + statusCode + "]");
}
}
So, you can provide your own implementation for that method to simplify your RetryPolicy around desired status codes.
For others who are facing same problem, I'm posting this answer.
Implement custom retry policy as follows:
class InternalServerExceptionClassifierRetryPolicy extends ExceptionClassifierRetryPolicy {
public InternalServerExceptionClassifierRetryPolicy() {
final SimpleRetryPolicy simpleRetryPolicy = new SimpleRetryPolicy();
simpleRetryPolicy.setMaxAttempts(3);
this.setExceptionClassifier(new Classifier<Throwable, RetryPolicy>() {
#Override
public RetryPolicy classify(Throwable classifiable) {
if (classifiable instanceof HttpServerErrorException) {
// For specifically 500 and 504
if (((HttpServerErrorException) classifiable).getStatusCode() == HttpStatus.INTERNAL_SERVER_ERROR
|| ((HttpServerErrorException) classifiable)
.getStatusCode() == HttpStatus.GATEWAY_TIMEOUT) {
return simpleRetryPolicy;
}
return new NeverRetryPolicy();
}
return new NeverRetryPolicy();
}
});
}}
Ans the simply call it as below:
RetryTemplate template = new RetryTemplate();
template.setRetryPolicy(new InternalServerExceptionClassifierRetryPolicy())
You can also add the specific error code in the retryableExceptions list of the SinmpleRetryPolicy.
Map<Class<? extends Throwable>, Boolean> retryableExceptions = new HashMap<>();
retryableExceptions.put(HttpClientErrorException.Unauthorized.class, true);
retryTemplate.setRetryPolicy(new SimpleRetryPolicy(5, retryableExceptions));

Resources