Rule Definition
The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.
Remediation
we should not use "ControllerAdvice" and "HandlerExceptionResolver" in same application.
Violation Code Sample
Usage of @ControllerAdvice Sample:
package com.concretepage.controller;
import java.io.IOException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;
import com.concretepage.exception.KeywordNotFoundException;
@ControllerAdvice
public class GlobalExceptionHandler {
@ExceptionHandler(IOException.class)
public ModelAndView myError(Exception exception) {
System.out.println("----Caught IOException----");
ModelAndView mav = new ModelAndView();
mav.addObject("exception", exception);
mav.setViewName("globalerror");
return mav;
}
@ExceptionHandler(KeywordNotFoundException.class)
public String notFound() {
System.out.println("----Caught KeywordNotFoundException----");
return "404";
}
}
------------------
Usage of HandlerExceptionResolver Sample:
package com.logicbig.example;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@EnableWebMvc
public class Config {
@Bean
HandlerExceptionResolver errorHandler () {
return new HandlerExceptionResolver() {
@Override
public ModelAndView resolveException (HttpServletRequest request,
HttpServletResponse response,
Object handler,
Exception ex) {
ModelAndView model = new ModelAndView("error-page");
model.addObject("exceptionType", ex);
model.addObject("handlerMethod", handler);
return model;
}
};
}
//registering an interceptor
Reference
https://spring.io/blog/2013/11/01/exception-handling-in-spring-mvc
Related Technologies
Technical Criterion
Programming Practices - Error and Exception Handling
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.