So I've been using Spring and Java for a while to build microservices. I am concerned by the way I am currently handling service layer results which uses "business exception"
Controller
#RestController
public class PurchaseController {
#Autowired
private PurchaseService purchaseService;
#PostMapping("/checkout")
public ResponseEntity<?> checkout(#RequestBody CheckoutRequest body) {
try {
SomeDTO dto = purchaseService.doCheckout(body);
return ResponseEntity.ok(dto);
}
catch (UnauthorizedException e) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(e.getMessage());
}
catch (CustomBusinessException e) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage());
}
}
}
Service
#Service
public class PurchaseService {
// ...
public DTO doCheckout(CheckoutRequest request) {
// this one calls another microservice
if (!isUserValid(request.userId)) {
// current handling of business rules violation (1)
throw new UnauthorizedException("User not valid");
}
if (request.total < 10) {
// current handling of business rules violation (2)
throw new CustomBusinessException("Minimum checkout at 20 dollars");
}
// ... do actual checkout
return new DTO(someDTOData);
}
}
I was comfortable at using this "pattern" because I do not need to "if" the business result in the controller level to return the appropriate HttpStatusCode, but since I've found some articles saying that exception is expensive specifically in Java, I doubt what I was doing is good for the long run.
Is there another correct way to gracefully handles the business result layer?
The problem with ResponseEntity in Spring is that they are typed with the result object you want to return when the endpoint is called successfully, so you can't return another body different from the happy path one, that in your case would be SameDTO. One way to address this issue is to use ? as the type of the response entity, as you have done but it is not the most recommended way.
So the best way to do this is precisely to use exceptions when there is a situation when you can't return the expected object and you have to return another object or status code, but instead of using a try-catch in the controller you should use an exception handler (Controller Advice) https://www.baeldung.com/exception-handling-for-rest-with-spring.
This controller advice would catch any exception thrown in your application and depending on the exception type it could return a different response class or status code without affecting the main controller. One example of how can be your controller advice would be:
#ControllerAdvice
public class ErrorHandler extends ResponseEntityExceptionHandler {
#ExceptionHandler(RuntimeException.class)
public ResponseEntity<String> handleInternal(final RuntimeException ex) {
return ResponseEntity
.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body(ex.getMessage());
}
#ExceptionHandler(UnauthorizedException.class)
public ResponseEntity<ResponseDto> identityClientException(UnauthorizedException e) {
return ResponseEntity
.status(HttpStatus.UNAUTHORIZED)
.body(e.getMessage());
}
#ExceptionHandler(CustomBusinessException.class)
public ResponseEntity<ResponseDto> identityClientException(CustomBusinessException e) {
return ResponseEntity
.status(HttpStatus.BAD_REQUEST)
.body(e.getMessage());
}
And your controller woulb be much more clean without exception handling logic:
#RestController
public class PurchaseController {
#Autowired
private PurchaseService purchaseService;
#PostMapping("/checkout")
public ResponseEntity<SomeDTO> checkout(#RequestBody CheckoutRequest body){
SomeDTO dto = purchaseService.doCheckout(body);
return ResponseEntity.ok(dto);
}
}
Related
By default, Spring Boot does not return messages for any exceptions, including ResponseStatusException, meaning that the message about bar below will not be returned to the client:
#GetMapping("/foo")
#ResponseBody
public Foo getFoo(#RequestParam(name = "bar", defaultValue = "0") int bar) {
if (bar <= 0) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "bar must always be positive");
}
return example.getFoo(bar);
}
This can be changed by setting server.error.include-message=always in the application.properties, however this causes ALL exception messages to be returned to the client, including this one:
#GetMapping("/baz")
#ResponseBody
public Baz getBaz() {
if (!security.checkSecurity()) {
throw new RuntimeException("Security breach! Hope no one finds out!");
}
return example.getBaz();
}
I know this is a trivial example and the solution would be just "don't throw server exceptions from your controller", but the exception might actually come from some other code buried deep in the application, it could even be a NullPointerException or whatever.
How can I get the application to show messages only from ResponseStatusException and not other types of exception? (I guess other than adding try-catch clauses to every single controller method.)
You can add extra (#ExceptionHandler) methods to any controller to specifically handle exceptions thrown by request handling (#RequestMapping) methods in the same controller. Such methods can:
Handle exceptions without the #ResponseStatus annotation (typically predefined exceptions that you didn’t write)
Redirect the user to a dedicated error view
Build a totally custom error response
Controller advice allows you to use exactly the same exception handling techniques but apply them across the whole application, not just to an individual controller. You can think of them as an annotation-driven interceptor.
Any class annotated with #ControllerAdvice becomes a controller-advice and three types of method are supported:
Exception handling methods annotated with #ExceptionHandler.
Model enhancement methods (for adding additional data to the model) annotated with #ModelAttribute. Note that these attributes are not available to the exception handling views.
Binder initialization methods (used for configuring form-handling) annotated with
#InitBinder.
Solution:
#ControllerAdvice
public class RestControllerAdvice {
#ExceptionHandler(ResponseStatusException.class)
public ResponseEntity<String> handleStatusException(ResponseStatusException exception) {
throw exception;
}
#ExceptionHandler(Exception.class)
public ResponseEntity<String> handleException(Exception exception) {
return new ResponseEntity<>("Exception", HttpStatus.INTERNAL_SERVER_ERROR);
}
}
Catch all the exceptions and in the catch block throw ResponseStatusException like in:
#GetMapping("/actor/{id}")
public String getActorName(#PathVariable("id") int id) {
try {
return actorService.getActor(id);
} catch (ActorNotFoundException ex) {
throw new ResponseStatusException(
HttpStatus.NOT_FOUND, "Actor Not Found", ex);
}
}
I´m beginner in REST API and Spring Boot. I have a doubt about how to handle the different responses a request can have. For example if I post data of a credit card
{
"number": "3434 3434 3434 3434",
"date_expiration": "09-19",
"identification_card": 23232323
}
then in #RestController
#PostMapping("/card")
public ResponseEntity<CreditCard> payCard(#Valid #RequestBody CreditCard creditCard){
CreditCard creC = cardService.registerCard(creditCard);
return new ResponseEntity<>(creC, HttpStatus.OK);
}
In this case I return an object of ResponseEntity.
What happens if the date_expiration is expired or the identification_card doesn't correspond to the client? They are logical validations that are resolved in the service and can trigger different responses. How should I handle them?
Here you are using same object as your Request body and Response body. That is not a standard practice.
You should have separate objects for Request/Response. In request object you should have only the information you need from the user. But in the response object you should have information you want to send in response and also validation information like Error Details which includes error code and error description which you can use to display validation error to the user.
Hope this helps.
Well, if date_expiration is expired or identification_card doesn't behave to the customer, this is a business failure.
I like to represent Business Errors with an HTTP 422 - Unprocessable Entity. See here
You can change the return object from ResponseEntity<CreditCard> to ResponseEntity<Object> if you want to return diferent objects in your controller, although I prefer to use a ExceptionHandler in a ControllerAdvice annotated method if the purpose is to return errors.
As I said, this situation is a business failure (the credit card is expired or doesn't behave to the current user).
Here's an example. Would be something like this:
CardService.java
#Service
public class CardService {
// ..
public CreditCard registerCard(CreditCard card) throws BusinessException {
if(cardDoesntBehaveToUser(card, currentUser()))) // you have to get the current user
throw new BusinessException("This card doesn't behave to the current user");
if(isExpired(card)) // you have to do this logic. this is just an example
throw new BusinessException("The card is expired");
return cardRepository.save(card);
}
}
CardController.java
#PostMapping("/card")
public ResponseEntity<Object> payCard(#Valid#RequestBody CreditCard creditCard) throws BusinessException {
CreditCard creC = cardService.registerCard(creditCard);
return ResponseEntity.ok(creC);
}
BusinessException.java
public class BusinessException extends Exception {
private BusinessError error;
public BusinessError(String reason) {
this.error = new BusinessError(reason, new Date());
}
// getters and setters..
}
BusinessError.java
public class BusinessError {
private Date timestamp
private String reason;
public BusinessError(String Reason, Date timestamp) {
this.timestamp = timestamp;
this.reason = reason;
}
// getters and setters..
}
MyExceptionHandler.java
#ControllerAdvice
public class MyExceptionHandler extends ResponseEntityExceptionHandler {
// .. other handlers..
#ExceptionHandler({ BusinessException.class })
public ResponseEntity<Object> handleBusinessException(BusinessException ex) {
return ResponseEntity.status(HttpStatus.UNPROCESSABLE_ENTITY).body(ex.getError());
}
}
If the credit card is expired, the JSON will be rendered as:
{
"timestamp": "2019-10-29T00:00:00+00:00",
"reason": "The card is expired"
}
I am building a REST API with Spring boot and DAO layer is implemented in Hibernate.I need to understand the correct way of throwing and handling Exception in the Application.Currently I am doing it in this way
#Repository
public class UserDaoImpl
{
public getAllUsers() throws Exception
{
//get All Users from DB
}
}
#Service
public class UserServiceImpl
{
public getAllUsers throws MyCustomException
{ try{
userDaoImpl.getAllUsers();
}
catch(Exception e)
{
throw MyCustomException();
}
}
}
and In Exception Mapper
#ControllerAdvice
public class ApplicationExceptionHandler extends ResponseEntityExceptionHandler {
#ExceptionHandler({MyCustomException.class})
#ResponseBody
public ResponseEntity<?> handleCustomException(Exception e) {
log.error("", e);
Map<String, String> error = new HashMap<String, String>();
error.put("message", e.getMessage());
return new ResponseEntity<>(error, HttpStatus.NOT_ACCEPTABLE, MessageResource.getLogMessage("BAD_REQUEST_EXCEPTION"));
}
}
public class MyCustomException extends RuntimeException
{
///// ....
}
So I have added throws clause (throws Exception) in DAO layer and catch at service layer and wrap it in Custom Exception(unchecked exception) and do not propogate the exception at controller layer.
Is this correct ? or there is some better way?
I'd recommend you to have general #ExceptionHandler({Exception.class}) for all cases that you don't want to handle specifically.
Also it's okay to create separate exception classes for situations that require custom handling.
It depends on what do you want to achieve.
About your case. Exception in DAO layer does not necessary mean that request was wrong or did not provide correct parameters. It could be mapping problems, DB access problems and etc. So I would not wrap it to my custom exception, or at lest wrap in to general DataAccessException, make good logging around that and return some general error code to the client.
I would like to manage Exception thrown by simple Controller or RestController in two ways:
1) html redirection
2) Json error
I tested the code below :
#ControllerAdvice(annotations = Controller.class)
public class ExceptionHandlerController
{
#ExceptionHandler(Exception.class)
public ModelAndView handleException(HttpServletRequest _req, Exception _ex)
{
K_LOGGER.info("test");
return new ModelAndView();
}
}
#ControllerAdvice(annotations = RestController.class)
public class ExceptionHandlerRestController
{
#ExceptionHandler(Exception.class)
public ResponseEntity<String> handleException(HttpServletRequest _req, Exception _ex)
{
return new ResponseEntity<>("test", HttpStatus.INTERNAL_SERVER_ERROR);
}
}
#RestController
public class GreetingController
{
#RequestMapping("/greetingexception")
public Greeting greetingException(#RequestParam(value = "name", defaultValue = "World") String name)
throws Exception
{
throw new Exception();
}
}
It doesn't work properly, I always pass by ExceptionHandlerController but not by ExceptionHandlerRestController.
I think it's because #RestController inherit of #Controller.
Do you have a other solution?
Try to add #Order(Ordered.HIGHEST_PRECEDENCE) annotation to rest exception handler. It may helps you.
eg04lt3r answer is correct, just though that more details might be useful for someone.
In case when you have global #ControllerAdvice and want to handle some exception in a different way in one of your Controllers you need to set #Order(Ordered.HIGHEST_PRECEDENCE) on the #ControllerAdvice which should have higher priority.
For example:
#ControllerAdvice
public class GeneralExceptionHandler {
#ExceptionHandler(Exception.class)
protected ResponseEntity<Error> handleException(Exception ex) {
...
}
}
#ControllerAdvice(assignableTypes = MyController.class)
#Order(Ordered.HIGHEST_PRECEDENCE)
public class MyExceptionHandler {
#ExceptionHandler(Exception.class)
protected ResponseEntity<Error> handleException(Exception ex) {
...
}
}
#Order is needed because on startup one of the handlers will register with higher order automatically, anyway and your exception handling will become unpredictable. For example I recently saw a case when if you start an app using bootRun gradle task MyExceptionHandler was primary, but when started as jar GeneralExceptionHandler was primary.
I have a REST web service controller that looks like this:
#RequestMapping(value = URIConstants.URL_DOCUMENT_SEARCH, method = RequestMethod.POST, produces = { MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE })
protected DocumentSearchResponse getDocuments(#Valid #ModelAttribute DocumentSearchRequest objDMSRequest,BindingResult bindingResult, HttpServletRequest objServletRequest) throws AppException
{
if (bindingResult.hasErrors())
{
//I want to throw my custom exception here
///Or can anyone suggest a more clean and efficient way
}
-----More code and logic
}
I have a custom exception and handlers that will throw invalid HTTP invalid request exception. The custom exception has errorcode and error description fields.
My requirement is is there a way to parse the error from the bindingresults to a custome exception and trow that in the controler.
What you can do:
return new ResponseEntity<String>(errorDescription,HttpStatus.BAD_REQUEST);
Or, you can do it hardcore if you really want to use Exception(not recommended):
try {
throw new CustomException();
} catch(CustomException e) {
e.printStackTrace();
return new ResponseEntity<String>(e.getErrorDescription(),e.getStatusCode());
}
By the way: returning a Exception it's not good, that's why I don't show it.
#Albert-Pinto first of all the way you are trying to do this is completely wrong. If you want to consume a object it should come as #RequestBody and not as just a simple object. What you have done in your example is a MVC way which we do with the web applications, not the way we do for web service. so the above code will become as
#Controller
#RequestMapping("/user")
public class UserController {
#RequestMapping(method=RequestMethod.POST)
public ResponseEntity create(#RequestBody User user) {
try {
throw new CustomException();
} catch(CustomException e) {
e.printStackTrace();
return new ResponseEntity<String>(e.getErrorDescription(),e.getStatusCode());
}
}
Its is as simple as that
1. Create a class which extends Exception.
class MyCustomException extends Exception{
MyCustomException(){
}
MyCustomException(Object e){
super(e)
}
}
2. Make your code throw same type of exception
#Controller
#RequestMapping("/user")
public class UserController {
#RequestMapping(method=RequestMethod.POST)
public ResponseEntity create(#Valid User user, BindingResult bindingResult) {
try{
if (bindingResult.hasErrors()) {
throw new MyCustomException();
}
} catch(MyCustomException e){
//do what ever you want to do with it
}
...
}
3. Man you already done... :)