I have an API-controller that calls a service class. Inside the service class I want to throw an exception so the API-controller can catch it, and return a Http-BadRequest response.
But what exception is equal to Bad Request? And what is best practise for this situation?
I used this pattern for throwing exceptions in the application layer and the api layer would recognize the http status code:
The exceptions definition:
public class BadRequestException : Exception
{
public BadRequestException(string message = null)
: base(message == null ? "Bad Request" : message)
{ }
}
public class ActionInputIsNotValidException : BadRequestException
{
public ActionInputIsNotValidException()
: base("Action input is not valid")
{ }
}
An Action Filter to handle exceptions in api layer:
public class ExceptionActionFilter : ExceptionFilterAttribute
{
public ExceptionActionFilter()
{
}
public override void OnException(ExceptionContext context)
{
context.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.HttpContext.Response.ContentType = "application/json";
if (isTypeOf(context.Exception, typeof(Exceptions.BadRequestException)))
{
context.HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
}
context.Result = new JsonResult(new
{
Message = context.Exception.Message,
});
}
private bool isTypeOf(Exception exception, Type baseType)
{
return exception.GetType() == baseType || exception.GetType().IsSubclassOf(baseType);
}
}
Then in the application layer we can throw exceptions and the result of api call will be a json containing error message with http 400 status code:
throw new ActionInputIsNotValidException();
Related
I am learning Blazor, and I have a WebAssembly client application.
I created a WebAPI at the server which does some additional validation over and above the standard data annotation validations. For example, as it attempts to write a record to the database it checks that no other record exists with the same email address. Certain types of validation can't reliably happen at the client, particularly where race conditions could produce a bad result.
The API controller returns a ValidationProblem result to the client, and Postman shows the body of the result as:
{
"type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
"title": "One or more validation errors occurred.",
"status": 400,
"traceId": "|f06d4ffe-4aa836b5b3f4c9ae.",
"errors": {
"Email": [
"The email address already exists."
]
}
}
Note that the validation error is in the "errors" array in the JSON.
Back in the Blazor Client application, I have the typical HandleValidSubmit function that posts the data to the API and receives a response, as shown here:
private async void HandleValidSubmit()
{
var response = await Http.PostAsJsonAsync<TestModel>("api/Test", testModel);
if (response.StatusCode != System.Net.HttpStatusCode.Created)
{
// How to handle server-side validation errors?
}
}
My question is, how to best process server-side validation errors? The user experience ought to be the same as any other validation error, with the field highlighted, the validation message shown, and the summary at the top of the page.
I ended up solving this by creating a ServerValidator component. I'll post the code here in case it is helpful for others seeking a solution to the same problem.
This code assumes you are calling a Web API endpoint that returns a ValidationProblem result if there are issues.
public class ServerValidator : ComponentBase
{
[CascadingParameter]
EditContext CurrentEditContext { get; set; }
protected override void OnInitialized()
{
base.OnInitialized();
if (this.CurrentEditContext == null)
{
throw new InvalidOperationException($"{nameof(ServerValidator)} requires a cascading " +
$"parameter of type {nameof(EditContext)}. For example, you can use {nameof(ServerValidator)} " +
$"inside an EditForm.");
}
}
public async void Validate(HttpResponseMessage response, object model)
{
var messages = new ValidationMessageStore(this.CurrentEditContext);
if (response.StatusCode == HttpStatusCode.BadRequest)
{
var body = await response.Content.ReadAsStringAsync();
var validationProblemDetails = JsonSerializer.Deserialize<ValidationProblemDetails>(body);
if (validationProblemDetails.Errors != null)
{
messages.Clear();
foreach (var error in validationProblemDetails.Errors)
{
var fieldIdentifier = new FieldIdentifier(model, error.Key);
messages.Add(fieldIdentifier, error.Value);
}
}
}
CurrentEditContext.NotifyValidationStateChanged();
}
// This is to hold the response details when the controller returns a ValidationProblem result.
private class ValidationProblemDetails
{
[JsonPropertyName("status")]
public int? Status { get; set; }
[JsonPropertyName("title")]
public string Title { get; set; }
[JsonPropertyName("type")]
public string Type { get; set; }
[JsonPropertyName("errors")]
public IDictionary<string, string[]> Errors { get; set; }
}
}
To use this new component, you will need to add the component within your EditForm:
<EditForm Model="agency" OnValidSubmit="HandleValidSubmit">
<ServerValidator #ref="serverValidator" />
<ValidationSummary />
... put all your form fields here ...
</EditForm>
Lastly, you can kick off the validation in your #code section:
#code {
private TestModel testModel = new TestModel();
private ServerValidator serverValidator;
private async void HandleValidSubmit()
{
var response = await Http.PostAsJsonAsync<TestModel>("api/TestModels", testModel);
if (response.StatusCode != System.Net.HttpStatusCode.Created)
{
serverValidator.Validate(response, testModel);
}
else
{
Navigation.NavigateTo(response.Headers.Location.ToString());
}
}
}
In theory, this ought to allow you to bypass client validation entirely and rely on your Web API to do it. In practice, I found that Blazor performs client validation when there are annotations on your model, even if you don't include a <DataAnnotationsValidator /> in your form. However, it will still catch any validation issues at the server and return them to you.
how to best process server-side validation errors? The user experience ought to be the same as any other validation error, with the field highlighted, the validation message shown, and the summary at the top of the page.
I don't know what comes in your response, so I made a generic version of a component that do what you need.
Get the CascadingParameter of the EditContext
[CascadingParameter]
public EditContext EditContext { get; set; }
Have a ValidationMessageStore to hold the errors and a function that will display the errors
private ValidationMessageStore _messageStore;
private EventHandler<ValidationRequestedEventArgs> OnValidationRequested => (s, e) =>
{
_messageStore.Clear();
};
private EventHandler<FieldChangedEventArgs> OnFieldChanged => (s, e) =>
{
_messageStore.Clear(e.FieldIdentifier);
};
protected override void OnInitialized()
{
base.OnInitialized();
if (EditContext != null)
{
_messageStore = new ValidationMessageStore(EditContext);
EditContext.OnFieldChanged += OnFieldChanged;
EditContext.OnValidationRequested += OnValidationRequested;
}
}
public override void Dispose()
{
base.Dispose();
if (EditContext != null)
{
EditContext.OnFieldChanged -= OnFieldChanged;
EditContext.OnValidationRequested -= OnValidationRequested;
}
}
private void AddFieldError(ERROR_CLASS_YOU_ARE_USING validatorError)
{
_messageStore.Add(EditContext.Field(validatorError.FIELD_NAME), validatorError.ERROR_MESSAGE);
}
Call the function of the component using it's ref
private async void HandleValidSubmit()
{
var response = await Http.PostAsJsonAsync<TestModel>("api/Test", testModel);
if (response.StatusCode != System.Net.HttpStatusCode.Created)
{
// How to handle server-side validation errors?
// You could also have a foreach or a function that receives an List for multiple fields error display
MyHandleErrorComponent.AddFieldError(response.ERROR_PROPERTY);
}
}
https://learn.microsoft.com/en-us/aspnet/core/blazor/forms-validation has an example of how to handle server-side validation errors:
private async Task HandleValidSubmit(EditContext editContext)
{
customValidator.ClearErrors();
try
{
var response = await Http.PostAsJsonAsync<Starship>(
"StarshipValidation", (Starship)editContext.Model);
var errors = await response.Content
.ReadFromJsonAsync<Dictionary<string, List<string>>>();
if (response.StatusCode == HttpStatusCode.BadRequest &&
errors.Count() > 0)
{
customValidator.DisplayErrors(errors);
}
else if (!response.IsSuccessStatusCode)
{
throw new HttpRequestException(
$"Validation failed. Status Code: {response.StatusCode}");
}
else
{
disabled = true;
messageStyles = "color:green";
message = "The form has been processed.";
}
}
catch (AccessTokenNotAvailableException ex)
{
ex.Redirect();
}
catch (Exception ex)
{
Logger.LogError("Form processing error: {Message}", ex.Message);
disabled = true;
messageStyles = "color:red";
message = "There was an error processing the form.";
}
}
Use two phase validation.
Hook up an event for when the email is entered which calls an "IsEmailUnique" method on your api. This offers your user real time validation information. Perhaps disable the "Save" button until the email has been validated on the server.
You can then handle the Bad Request as you would any other server-side errors.
I created a form where the user can update his data account. In this form the user is also able to change the account password, before doing so, I ask him the current password, this is the field:
<div class="form-group">
<label>Current Password</label>
<input class="form-control" id="oldPassword"
asp-for="#Model.ExistingPassword" type="password" />
<div class="invalid-feedback"></div>
</div>
as you can see the oldPassword input bound the property ExistingPassword which is part of the ViewModel of that View and have the following declaration:
[Required, MinLength(6), MaxLength(50), DataType(DataType.Password)]
public string ExistingPassword { get; set; }
when the form is submitted I call the following ajax function:
$.post(url, user, function (response) {
//Some stuff
}).done(function (response) {
alert("Updated executed");
}).fail(function (jqXHR, textStatus, errorThrown) {
alert("Error happened!");
});
the parameter of the function are taken by the form, in particular:
url: $(this).attr('action');
user: $(this).serialize();
the action of the form will call the following controller: User\UpdateUser.
Inside the UpdateUser method I execute the following check:
public async Task<UserProfileViewModel> UpdateUserAsync(UserProfileViewModel updatedUser)
{
if (!await _userManager.CheckPasswordAsync(originalUser, updatedUser.ExistingPassword))
throw new Exception("Invalid password");
essentially, the condition check if the current password is correct, if not, then an exception will raised.
Now, my question with this is: how can I know which type of exception the method has generated?
I need to know which type of exception the method UpdateUser has generated because there are different exceptions in the method.
Suppose the Invalid Password exceptions is raised, I need to display a message inside invalid-feedback div, next to oldPassword, so the user know why the update has failed.
Thanks in advance for any help.
Normally, I recommend not using an exception except in actual exception circumstances, but given the way you've designed this, you have a few options.
I'd suggest creating a custom "UpdateUserException" that you can throw that will include additional information, which can be provided by an enum or just string.
public class UpdateUserException : Exception {
public UpdateUserError ErrorCondition;
public UpdateUserException(UpdateUserError error, string message)
{
ErrorCondition = error;
Message = message;
}
}
then you would throw it
throw new UpdateUserException(UpdateUserError.BadPassword, "Invalid Password");
then you would catch it
try {}
catch (UpdateUserException e)
{
if (e.ErrorCondition == UpdateUserException.BadPassword)
{
// handle your exception.
}
}
Have a look at the UserManager ChangePassword Method.
You can bind the UserManager to use DependencyInjection like this (in Startup.cs)
public async void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
app.UseAuthentication();
app.UseMvc();
var scopeFactory = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>();
using (var scope = scopeFactory.CreateScope())
{
UserManager<User> userManager = scope.ServiceProvider.GetRequiredService<UserManager<User>>();
}
}
And then in your Controller s Constructor
private readonly UserManager<User> _userManager;
public AccountController(UserManager<User> userManager)
{
_userManager = userManager;
}
And finally your endpoint:
[HttpPost("ChangePassword")]
public async Task<IActionResult> ChangePassword([FromBody]ChangePasswordRequest changePasswordParams)
{
if (changePasswordParams == null)
return BadRequest($"{nameof(changePasswordParams)} must not be null!");
if (string.IsNullOrWhiteSpace(changePasswordParams.OldPassword) || string.IsNullOrWhiteSpace(changePasswordParams.NewPassword))
return BadRequest("old and new passwords have to be provided, but they both are empty.");
var userId = User.Claims.FirstOrDefault(c => c.Type == "id")?.Value;
var user = await _userManager.FindByIdAsync(userId);
var result = await _userManager.ChangePasswordAsync(user, changePasswordParams.OldPassword, changePasswordParams.NewPassword);
if (result.Succeeded)
return NoContent();
return BadRequest(result.Errors);
}
after that you can handle the errors in a switch statement.
Using Exceptions for handled errors are not recommended since they generally ends up with Internal Server error and actually It is beyond of its purpose.
The best approach would be to send BadRequest as It is stated by #maerlin.
However, If you insist to use Exceptions in your application or your applciation is architected to work in this way. I suggest you to inherit new CustomApplcationException class from ApplicationException and then inherit UpdateUserException and vs. from CustomApplicationException class. After that, I Suggest you to handle your exceptions in ErrorHandlingMiddleware and return HandledExceptions at least with BadRequest (400) status code.
The Example Code would be
public class ExceptionMiddleware
{
private readonly RequestDelegate _next;
private readonly ILoggerManager _logger;
public ExceptionMiddleware(RequestDelegate next, ILoggerManager logger)
{
_logger = logger;
_next = next;
}
public async Task InvokeAsync(HttpContext httpContext)
{
try
{
await _next(httpContext);
}
catch (CustomApplicationException cae)
{
await HandleCustomExceptionAsync(httpContext, cae);
}
catch (Exception ex)
{
_logger.LogError($"Something went wrong: {ex}");
await HandleExceptionAsync(httpContext, ex);
}
}
private static Task HandleExceptionAsync(HttpContext context, Exception exception)
{
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
return context.Response.WriteAsync(new ErrorDetails()
{
StatusCode = context.Response.StatusCode,
Message = "Internal Server Error from the custom middleware."
}.ToString());
}
private static Task HandleCustomExceptionAsync(HttpContext context, Exception exception)
{
context.Response.StatusCode = 400;
return context.Response.WriteAsync(new ErrorDetails()
{
StatusCode = context.Response.StatusCode,
Message = exception.Message
}.ToString());
}
}
then you need to regiter middleware in your Startup.cs
app.UseMiddleware<ExceptionMiddleware>();
please see https://code-maze.com/global-error-handling-aspnetcore/ and http://www.talkingdotnet.com/global-exception-handling-in-aspnet-core-webapi/ for further details.
Which is the best way to capture a exception in spring mvc. I am not getting the end to end implementation of the exception handling in spring mvc.
I have implemented #ControllerAdvice. Can you please confirm whether I have implemented in right way to handle the exception.
Question:
How can I handle the service layer exception. Do I have to throw it to controller and then to UI? How it works.
How I can handle the sql exception in DAO layer and other exception like Numberformat exception?
Code:
#RequestMapping(value = "/getDepositSearch", method = RequestMethod.POST)
public String depositNumberData(
#ModelAttribute("searchCondition") String searchCondition,
#ModelAttribute("searchText") String searchText,
final RedirectAttributes redirect, Model depositStatus,
HttpServletRequest request) {
String pageForward = null;
try {
List<MRPSDeposit> depositDetails = null;
if (!searchText.isEmpty()) {
depositDetails = mrpsDeposit.getDepositDetails(searchCondition,
searchText);
}
Map<String, String> searchList = new LinkedHashMap<String, String>();
if (searchCondition.equals(ManagementConstants.DEPOSITDATEKEY)) {
searchList.put(ManagementConstants.DEPOSITDATEKEY,
ManagementConstants.DEPOSITDATEVALUE);
} else if (searchCondition.equals(ManagementConstants.DEPOSITNUMBERKEY)) {
searchList.put(ManagementConstants.DEPOSITNUMBERKEY,
ManagementConstants.DEPOSITNUMBERVALUE);
} else {
searchList.put(ManagementConstants.DEPOSITNUMBERKEY,
ManagementConstants.DEPOSITNUMBERVALUE);
searchList.put(ManagementConstants.DEPOSITDATEKEY,
ManagementConstants.DEPOSITDATEVALUE);
}
if (depositDetails.size() == 0) {
redirect.addFlashAttribute("flashMessage",
ManagementConstants.NORECORDFOUND);
pageForward = "redirect:/mrps/getDepositDetails";
} else if (depositDetails.size() > 1) {
Map<String, Map<String, String>> search = new HashMap<String, Map<String, String>>();
search.put("searchContent", searchList);
depositStatus.addAttribute("searchAllContents", search);
depositStatus.addAttribute("depositDetails", depositDetails);
pageForward = "multipleDepositDetails";
} else {
Map<String, Map<String, String>> search = new HashMap<String, Map<String, String>>();
search.put("searchContent", searchList);
depositStatus.addAttribute("searchAllContents", search);
depositStatus.addAttribute("depositDetails", depositDetails);
if (request.isUserInRole("ROLE_READ")) {
pageForward = "readDepositDetails";
} else {
pageForward = "updateDepositDetails";
}
}
} catch (InfoManagementException e) {
System.out.println("weee"+e);
}
return pageForward;
}
Service layer:
#Override
#Transactional(readOnly = true)
public List<MRPSDeposit> getDepositDetails(String searchCondition,
String searchText) {
List<MRPSDeposit> mrpsDepositDetails = new ArrayList<MRPSDeposit>();
/* try { */
SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd",
Locale.ENGLISH);
if (searchCondition.equalsIgnoreCase(ManagementConstants.DEPOSITNUMBERKEY)) {
System.out.println("finalal");
mrpsDepositDetails = mrpsDepositDao.findByDepositNumber(
searchCondition, Short.valueOf(searchText));
} else {
try {
mrpsDepositDetails = mrpsDepositDao.findByDepositDate(
searchCondition, formatter.parse(searchText));
} catch (ParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return mrpsDepositDetails;
}
DAO layer:
#Override
public List<MRPSDeposit> findByDepositNumber(String searchCondition,
Short searchTxt) {
List<MRPSDeposit> searchResult = super.findByDepositNumber(
searchCondition, searchTxt);
return searchResult;
}
Controller Advice:
#ControllerAdvice
public class GlobalExceptionController {
#ExceptionHandler(InfoManagementException.class)
public ModelAndView handleCustomException(InfoManagementException ex) {
ModelAndView model = new ModelAndView("error/generic_error");
System.out.println();
model.addObject("errCode", ex.getErrCode());
model.addObject("errMsg", ex.getErrMsg());
return model;
}
#ExceptionHandler(Exception.class)
public ModelAndView handleAllException(Exception ex) {
ModelAndView model = new ModelAndView("error/generic_error");
model.addObject("errMsg", "this is Exception.class");
return model;
}
}
How can I handle the service layer exception. Do I have to throw it to
controller and then to UI? How it works.
In both cases that depends on what are your requirements. There are cases when you will need to show the same page with an error message, also there are some cases when you need to redirect to another error page. In other cases probably you don't need to show any error message.
It's common to throw the exception to the controller then process it in the controller advice and show an readable error message on the UI. In the controller advice you can determine the page that will show the message and also log the error message.
How I can handle the sql
exception in DAO layer and other exception like Numberformat
exception?
I would recommed you to use input validation in the controller. If you use it, then you won't get this kind of error. But if you don't have input validation you can throw the exception and show a message on the UI.
Update
You can leave your service layer as you have at this moment and process the exception in the ControllerAdvice. If you want to process the exception in the service layer you can do this with a try/catch.
public void myServiceMethod(){
try{
...
}catch(Exception1 e){//Every catch block can capture a group of exceptions.
//Depending on your business logic, you can throw a new Exception, log it, or do some logic.
logger.log("My error: ", e);
}catch(Exception2 e){//Every catch block can capture a group of exceptions.
throw new MyBusinessException("Something ocurred", e);
}
}
Then in your ControllerAdvice you need to process MyBusinessException and do what you need.
I've implemented a custom exception filter to my Web API. It is working as intended, except for one small detail...
In the following code sample, SaveToErrorLog saves exception details and tries to get the request url from context.Request.RawUrl. But context.Request does not contain the url that the API tried to serve when the exception happened. Is there a way to get the url when using an exception filter like this?
public class APIExceptionFilter : ExceptionFilterAttribute
{
private HttpContextBase context;
public APIExceptionFilter()
{
context = new HttpContextWrapper(HttpContext.Current);
}
public override void OnException(HttpActionExecutedContext actionContext)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
if (actionContext != null && context != null)
{
facade.SaveToErrorLog(actionContext.Exception, context.Request);
}
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = new StringContent(actionContext.Exception.Message),
ReasonPhrase = "APIException"
});
}
}
As per the comment above by #emre_nevayeshirazi, you need to use the HttpActionExecutedContext. This gives you access to the request and then the required Uri.
public override void OnException(HttpActionExecutedContext actionExecutedContext)
{
var requestedUri = actionExecutedContext.Request.RequestUri;
//Do something
}
I was trying to write an interceptor using spring AOP.The interceptor will find if a request URL is a bookmark,if so will redirect to the authentication page.
Code Snippet:
public Object invoke(MethodInvocation invocation) throws Throwable {
logger.entering(this.getClass().getSimpleName(), "invoke", invocation);
Object result = null;
try {
// Logic to exclude the beans as per the list in the configuration.
boolean excluded = false;
for (String excludebean : excludedBeans) {
if (excludebean != null && excludebean.equalsIgnoreCase(invocation.getThis().getClass().getSimpleName())) {
excluded = true;
break;
}
}
// If the Target Method is "toString", then set EXCLUDE to TRUE and process the request
if(excluded == false && invocation.getMethod().getName().equalsIgnoreCase("toString"))
{
excluded = true;
}
// if user session object is available, then process the request or
// else forward to the configured view.
if (excluded || getSessionHolder().getUserVO() != null) {
result = invocation.proceed();
}
else {
logger.logp(Level.INFO, this.getClass().getSimpleName(),
"invoke(MethodInvocation)", "User Object is "+ getSessionHolder().getUserVO()
+ ". So redirecting user to home page");
result = new ModelAndView("redirect:/security/authenticate.do");
}
}
catch (Throwable ex) {
throw ex;
}
logger.exiting(this.getClass().getSimpleName(), "invoke");
return result;
}
When I debug the control comes inside the else block as expected but after I return the result,control goes to the handle method for the bookmarked URl ratehr than the handler for the redirect view.
Pls help me on this..Thanks in advance.
Why Do you need AOP for the interceptor. You can redirect easily using Regular interceptor.
public class RedirectInterceptor extends HandlerInterceptorAdapter{
private String redirectMapping;
public void setRedirectMapping(String redirectMapping) {
this.redirectMapping = **maintenanceMapping**;
}
//before the actual handler will be executed
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
if (somethingHappened){
response.sendRedirect(redirectMapping);
return false;
} else
return true;
}
}