Respond with status 400 for invalid requests handled by spring security firewall #1260
Spring firewall returns 500 when RequestRejectedException is thrown. The correct status code is 400. This is going to be addressed by spring-projects/spring-security#7568
import org.springframework.stereotype.Component; | ||
import javax.servlet.http.HttpServletResponse; | ||
|
||
@Aspect |
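Review bot: The `@Aspect` annotation here pulls AspectJ interception into a security-relevant request path just to catch one exception. A servlet filter bean ordered ahead of the Spring Security filter chain can wrap `chain.doFilter` in a try/catch and do the same job with an explicit, easy-to-verify position in the request flow. Since the description says spring-projects/spring-security#7568 will address this upstream, a class-level comment linking that issue would mark this as a workaround to remove later.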
I am not against aspects, but I am not really comfortable with it and it is not used in the project. Maybe we could try to avoid using it.
@adyach I have addressed your comment. I kept the same approach by intercepting doFilter method, but now the implementation is a Bean.
@burimshala nice! I like it :)
} catch (RequestRejectedException e) { | ||
HttpServletResponse response = (HttpServletResponse) res; | ||
|
||
response.sendError(HttpServletResponse.SC_NOT_FOUND); |
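Review bot: `response.sendError(HttpServletResponse.SC_NOT_FOUND)` sends 404, while the title and description of this change say rejected requests should get 400; use `HttpServletResponse.SC_BAD_REQUEST`. Nothing in the visible lines logs the caught `RequestRejectedException`, so firewall rejections would be invisible to operators; log the rejection server-side before sending the error. The cast `(HttpServletResponse) res` is also unchecked: an `instanceof` guard plus a `response.isCommitted()` check would keep this path from failing with a `ClassCastException` or an `IllegalStateException`.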
Should it be `SC_BAD_REQUEST`?
Fixed it
👍
👍