Respond with status 400 for invalid requests handled by spring security firewall #1260

Merged
merged 4 commits into from Feb 11, 2021

Contributor

@burimshala-zz burimshala-zz commented Feb 9, 2021

Spring firewall returns 500 when RequestRejectedException is thrown. The correct status code is 400.

This is going to be addressed by spring-projects/spring-security#7568

Zalando ticket : team-aruha/521

Review

  • Implementation
  • Tests

import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletResponse;

@Aspect
Member


I am not against aspects, but I am not really comfortable with them, and they are not used in the project. Maybe we could try to avoid using them.

Contributor Author


@adyach I have addressed your comment. I kept the same approach by intercepting the doFilter method, but now the implementation is a Bean.

Member


@burimshala Nice! I like it :)

} catch (RequestRejectedException e) {
HttpServletResponse response = (HttpServletResponse) res;

response.sendError(HttpServletResponse.SC_NOT_FOUND);
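
Review bot: The status passed to response.sendError in the catch block is HttpServletResponse.SC_NOT_FOUND (404), which does not match the 400 this pull request says a RequestRejectedException should produce; use HttpServletResponse.SC_BAD_REQUEST. The caught exception e is not used in the lines shown, so consider logging it at a low level so that firewall rejections stay visible to operators, and consider checking response.isCommitted() before calling sendError.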
Member


Should it be SC_BAD_REQUEST?

Contributor Author


Fixed it

Member

adyach commented Feb 10, 2021

👍

Member

a1exsh commented Feb 10, 2021

👍

@antban antban merged commit c3cee02 into zalando:master Feb 11, 2021
@burimshala-zz burimshala-zz deleted the handle-invalid-url-requests branch February 11, 2021 11:46