StrictHttpFirewall: throw specialized exceptions for specific types of rejections #12191
Labels
in: web
An issue in web modules (web, webmvc)
status: waiting-for-triage
An issue we've not yet triaged
type: enhancement
A general enhancement
Expected Behavior
The `StrictHttpFirewall` should throw specialized `RequestRejectedException` exceptions for each type of rejection, making it easier to map rejections to appropriate HTTP response status codes by configuring `RequestRejectedHandler`s.

I believe the best approach would be to introduce new exceptions that extend the existing `RequestRejectedException`. If this approach is taken, it might be appropriate to introduce a new type of `RequestRejectedHandler` that accepts a generic `<? extends RequestRejectedException>` parameter.

Another approach would be to introduce a flag in `RequestRejectedException` indicating the rejection reason, allowing `RequestRejectedHandler` to return the correct HTTP status according to the rejection reason of the exception.

Current Behavior
The `StrictHttpFirewall` currently throws `RequestRejectedException` for all types of rejections. This makes it a bit difficult to target specific types of request rejections for specific HTTP response status codes.

If we introduce a `RequestRejectedHandler`, the handler catches all types of rejections (forbidden methods, blocklisted URLs, untrusted hosts, etc.). If we needed to map only one rejection type (e.g. forbidden method) to a different HTTP status (404, 501, etc.), we would need to introduce logic that compares against the exception message, which would be brittle.

Context
My team is developing a server implementation of the IEEE-2030.5-2018 communication protocol. To meet standardized conformance tests of the Common Smart Inverter Profile (CSIP), our application must respond with a `501 Not Implemented` when an invalid HTTP method (e.g. FOO) is used.

Currently there's no elegant way to target this specific type of firewall rejection. For now, we simply register a handler that maps all rejections to a status of `501`.
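An added example, not part of the original issue and not Spring Security's own code: one way to answer only forbidden-method rejections with 501 without matching on the exception message is to re-check the request method inside the handler and delegate everything else. The class name `MethodAwareRequestRejectedHandler` is hypothetical, the `jakarta.servlet` imports assume Spring Security 6, and the allowed-method set is assumed to mirror whatever the application's `StrictHttpFirewall` is configured with.

```java
import java.io.IOException;
import java.util.Set;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.firewall.RequestRejectedHandler;

// Hypothetical handler: classifies the rejection from the request itself
// instead of parsing RequestRejectedException.getMessage().
public final class MethodAwareRequestRejectedHandler implements RequestRejectedHandler {

    // Assumption: must be kept identical to the method list configured on the
    // StrictHttpFirewall, otherwise the two classifications can drift apart.
    private final Set<String> allowedMethods;

    // Every other rejection (blocklisted URL, untrusted host, ...) keeps the
    // default 400 Bad Request response.
    private final RequestRejectedHandler fallback = new HttpStatusRequestRejectedHandler();

    public MethodAwareRequestRejectedHandler(Set<String> allowedMethods) {
        this.allowedMethods = Set.copyOf(allowedMethods);
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            RequestRejectedException ex) throws IOException, ServletException {
        String method = request.getMethod();
        if (method == null || !allowedMethods.contains(method)) {
            // A method such as FOO is outside the allowed set: 501 Not Implemented.
            response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);
            return;
        }
        // Method is allowed, so the firewall rejected the request for another reason.
        fallback.handle(request, response, ex);
    }
}
```

A request that uses a forbidden method and also trips another firewall rule is answered with 501 by this handler, since it cannot see which check raised the exception.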