Skip to content

Commit 6cd9f5b

Browse files
clam2310clam2310
authored
Merge pull request #118 from EUSurvey/ESURVEY-6563
ESURVEY-6563 Production error log full of RequestRejectedExceptions
2 parents c2184b4 + 0e978eb commit 6cd9f5b

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

src/main/java/com/ec/survey/controller/HttpErrorController.java

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,9 @@
66
import javax.servlet.http.HttpServletResponse;
77

88
import org.springframework.http.HttpStatus;
9+
import org.springframework.security.web.firewall.RequestRejectedException;
910
import org.springframework.stereotype.Controller;
11+
import org.springframework.web.bind.annotation.RequestAttribute;
1012
import org.springframework.web.bind.annotation.RequestMapping;
1113
import org.springframework.web.bind.annotation.ResponseStatus;
1214
import org.springframework.web.servlet.ModelAndView;
@@ -65,4 +67,19 @@ public ModelAndView handlefrozen(HttpServletRequest request){
6567
return new ModelAndView("error/frozen","error","exception" );
6668
}
6769

70+
@RequestMapping(value = "/request-rejected")
71+
@ResponseStatus(HttpStatus.BAD_REQUEST)
72+
public ModelAndView handleRequestRejected(
73+
@RequestAttribute("javax.servlet.error.exception") RequestRejectedException ex,
74+
@RequestAttribute("javax.servlet.error.request_uri") String uri, HttpServletRequest request) {
75+
76+
String msg = ex.getMessage();
77+
78+
logger.error(String.format("Request with URI [%s] rejected. %s", uri, msg));
79+
80+
request.getSession().setAttribute("lastErrorCode", 403);
81+
request.getSession().setAttribute("lastErrorTime", new Date());
82+
request.getSession().setAttribute("lastErrorURL", request.getAttribute("javax.servlet.error.request_uri"));
83+
return new ModelAndView("error/403","error", 403);
84+
}
6885
}

src/main/webapp/WEB-INF/web.xml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -104,7 +104,11 @@
104104
<error-page>
105105
<exception-type>java.lang.Exception</exception-type>
106106
<location>/errors/500.html</location>
107-
</error-page>
107+
</error-page>
108+
<error-page>
109+
<exception-type>org.springframework.security.web.firewall.RequestRejectedException</exception-type>
110+
<location>/errors/request-rejected</location>
111+
</error-page>
108112
<jsp-config>
109113
<taglib>
110114
<taglib-uri>http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</taglib-uri>

0 commit comments

Comments
 (0)