All geek questions in one place

Spring Custom MVC Message for HTTP 400

I have several SprigMVC methods as shown below, returning either a ModelAndView or a Responsebody. When users make a request to these URLs that do not have the required parameters, they naturally receive the message "The required parameter for the string" id "is missing . "

From a security point of view, I want to hide these detailed messages from users. Thus, the hacker does not easily know the missing parameters and will receive a 400 error without any description. Is this possible using the spring / Spring Security configuration, or will I have to manually reorganize all my methods in order to somehow return a custom message.

@RequestMapping(value = "/payment", method = RequestMethod.GET)
public ModelAndView getReponse(@RequestParam(value = "id", required = true)) {

    return model;
}

@RequestMapping(value = "/status", method = RequestMethod.GET)
public @ResponseBody String getStatus(@RequestParam(value = "id", required = true) String id) {

    return "string";
}
+4
2

MissingServletRequestParameterException, Spring, . - ControllerAdvice, .

import org.springframework.web.bind.MissingServletRequestParameterException;

@ControllerAdvice
class MissingServletRequestParameterExceptionHandler {
    @ExceptionHandler(MissingServletRequestParameterException.class)
    @ResponseBody
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    public String handleMissingParameter() {
        return "Your custom result";
    }
}

, handleMissingParameter , ControllerAdvice.

+6

, , , , , ( Spring , ) error-page web.xml( : 404 Spring ).

( XML-, ), ( web.xml WebApplicationInitializer), web.xml - - ( URL-), HTTP (.. error-page error-code).

WebApplicationInitializer , : Spring MVC 3.1+ WebApplicationInitializer .

, , . Tomcat: http://linux-sxs.org/internet_serving/c581.html.

+3

Source: https://habr.com/ru/post/1613454/

More articles:


All Articles