org.springframework.security.web.firewall.RequestRejectedException Java Examples

The following examples show how to use org.springframework.security.web.firewall.RequestRejectedException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ExceptionFilter.java    From nifi with Apache License 2.0 7 votes vote down vote up 
@Override
public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain)
        throws IOException, ServletException {

    try {
        filterChain.doFilter(req, resp);
    } catch (RequestRejectedException e) {
        if (logger.isDebugEnabled()) {
            logger.debug("An exception was caught performing the HTTP request security filter check and the stacktrace has been suppressed from the response");
        }

        HttpServletResponse filteredResponse = (HttpServletResponse) resp;
        filteredResponse.setStatus(500);
        filteredResponse.getWriter().write(e.getMessage());

        StringWriter sw = new StringWriter();
        sw.write("Exception caught by ExceptionFilter:\n");
        PrintWriter pw = new PrintWriter(sw);
        e.printStackTrace(pw);
        logger.error(sw.toString());
    }
}
Example #2
Source File: ErrorController.java    From secrets-proxy with Apache License 2.0 5 votes vote down vote up 
/**
 * Handles all the errors and returns an {@link ErrorResponse}.
 *
 * @param req http request which caused some error.
 * @param res http response.
 * @return error response entity.
 */
@RequestMapping(produces = {APPLICATION_JSON_VALUE, APPLICATION_XML_VALUE})
public @ResponseBody ResponseEntity<ErrorResponse> errorResponse(
    HttpServletRequest req, HttpServletResponse res) {
  Map<String, Object> body = getErrorAttributes(req, isIncludeStackTrace(req, MediaType.ALL));

  // Update status code and format error respose for RequestRejectedException
  Object message = "";
  Object ex = body.get("exception");
  String exceptionName = ex != null ? ex.toString() : "";

  if (exceptionName.contains(RequestRejectedException.class.getSimpleName())) {
    try {
      message = URLDecoder.decode(body.get("message").toString(), "UTF-8");
    } catch (UnsupportedEncodingException ignore) {
    }
    message = message.toString().replace(exceptionName + ":", "");
    body.put("message", message);
    body.put("status", HttpStatus.BAD_REQUEST.value());
    body.put("error", HttpStatus.BAD_REQUEST.getReasonPhrase());
    req.setAttribute("javax.servlet.error.status_code", HttpStatus.BAD_REQUEST.value());
  }

  HttpStatus status = getStatus(req);
  ErrorResponse errRes = new ErrorResponse(body);
  return new ResponseEntity<>(errRes, status);
}
Example #3
Source File: GlobalExceptionHandler.java    From Blog with Apache License 2.0 4 votes vote down vote up 
/**
     * controller参数异常/缺少
     *
     * @param e
     * @return
     */
    @ExceptionHandler({
            MissingServletRequestParameterException.class,
            MethodArgumentTypeMismatchException.class,
            RequestRejectedException.class}
    )
    public Result missingServletRequestParameterException(Exception e) {
//        e.printStackTrace();
        return Result.create(StatusCode.ERROR, "参数异常");

    }
Example #4
Source File: PortalStrictHttpFirewall.java    From portals-pluto with Apache License 2.0 4 votes vote down vote up 
@Override
public FirewalledRequest getFirewalledRequest(
	HttpServletRequest request) throws RequestRejectedException {
	return super.getFirewalledRequest(new PortalHttpServletRequest(request));
}