Spring Boot @ExceptionHandler没有捕获相关异常

Question

I'm building an API using Spring Boot. I've setup an authentication filter to grab a token from the request header and authenticate it. If a user couldn't be found using the token, then an InvalidWSUserException is thrown.

I've created a class to hold a number of @ExceptionHandlers so that I can catch the InvalidWSUserException and respond with a JSON string advising the requesting client that the token in their request was invalid.

I've had this working on another project, but I seem unable to get it working in this new project.

The InvalidWSUserException is empty as the Handler should handle the response;

public class InvalidWSUserException extends RuntimeException {
}

I've defined the handler class as so;

@ControllerAdvice
public class ExceptionController {

    @ExceptionHandler(value=InvalidWSUserException.class)
    public ResponseEntity invalidWSUserException(InvalidWSUserException exception) {
        return new WSResponse().send(HttpStatus.UNAUTHORIZED, "Invalid token.");
    }

}

I have had a problem in a previous project where the class that was throwing the exception hadn't been instantiated by Spring via a Bean, but I've checked over this class, and the class that is raising the exception is instantiated by an @Autowired annotation.

I'm struggling to understand why the @ExceptionHandler isn't doing what I think it should.

To confirm, the output I see in the browser is an error 500 json response; where as it should be the EntityResponse from the @ExceptionHandler

{
  "timestamp": 1470833849289,
  "status": 500,
  "error": "Internal Server Error",
  "exception": "digital.sheppard.exceptions.InvalidWSUserException",
  "message": "No message available",
  "path": "/api/product"
}

Answer 1

I'm working with JSON Web Token for Java library, and, as you put above, I had the same error in authentication service. I've tried with @ControllerAdvice, but had no solution.

After a long research, I've found a solution. You have to implement your JwtFilter , and, instead of launching an exception, you have to modify your HttpServletResponse value in order to add the following:

if (authHeader == null || !authHeader.startsWith("Bearer ")) {
   //throw new UnauthorizedErrorException(UnauthorizedErrorException.ErrorCodes.INVALID_TOKEN);

   response.addHeader("Content-Type", "application/json");
   response.getWriter().print(getErrorJson());    
   response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

   return;
}

final String token = authHeader.substring(7);

try {
   final Claims claims = Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody();
   request.setAttribute("claims", claims);
} catch (final SignatureException e) {
   //throw new UnauthorizedErrorException(UnauthorizedErrorException.ErrorCodes.INVALID_TOKEN);

   response.addHeader("Content-Type", "application/json");
   response.getWriter().print(getErrorJson());           
   response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

   return;
}

chain.doFilter(req, res);

As you can see, I've commented the exception launch and I change it for the response header override. getErrorJson() returns a JSON value as a string (Or you can only put an string as your body).

I hope that this works for you.

PD: I've follow this instructions in order to implement auth.