@ComponentSpecification public interface ExceptionUtil extends ExceptionUtilLimited, Security
Throwable
s).
It is especially useful for converting exceptions at application
barriers
, e.g. to prevent violating the OWASP principle sensitive data exposure.Modifier and Type | Field and Description |
---|---|
static String |
CDI_NAME
The
CDI name . |
static StackTraceElement[] |
NO_STACKTRACE
The empty stacktrace.
|
Modifier and Type | Method and Description |
---|---|
Throwable |
convertForClient(Throwable exception)
Converts the given
exception for the client. |
Throwable |
convertForSerialization(Throwable exception,
ExceptionTruncation truncation)
Converts the given
exception so it is ensured to be serializable. |
Throwable |
convertForUser(Throwable exception,
ExceptionTruncation truncation)
Converts the given
exception for end-users with potential truncation. |
convertForUser, getStacktrace
static final String CDI_NAME
CDI name
.static final StackTraceElement[] NO_STACKTRACE
Throwable convertForSerialization(Throwable exception, ExceptionTruncation truncation)
exception
so it is ensured to be serializable.exception
- is the Throwable
to convert.truncation
- the ExceptionTruncation
to configure if details shall be removed. E.g.
ExceptionTruncation.REMOVE_ALL
.exception
. Guaranteed to implement
NlsThrowable
. By default an instance of
GenericSerializableException
.GenericSerializableException
,
NlsThrowable.createCopy(ExceptionTruncation)
Throwable convertForUser(Throwable exception, ExceptionTruncation truncation)
exception
for end-users with potential truncation.exception
- is the exception to wrap.truncation
- the ExceptionTruncation
to configure if details shall be removed. E.g.
ExceptionTruncation.REMOVE_ALL
.NlsThrowable
.ExceptionUtilLimited.convertForUser(Throwable)
Throwable convertForClient(Throwable exception)
exception
for the client. With client we mean any kind of system
that calls the current application via a remote interface. This can be a user-interface client, a
different server application, or the like. If the exception would be send to the client as is, then all
exception classes have to be available on the client side for de-serialization and all error details are
exposed to the client violating the OWASP principle sensitive data exposure. environment
. In development environment
and test environment
the details should be retained to support debugging. However, in
environments close
to production
, the details shall be removed.converted for the end-user
so that confusion with
technical details and exposure of internals in messages is avoided.converted
for serialization
.NlsThrowable
such as the
UUID
that is logged and transferred to the client,
you should call ExceptionUtilLimited.convertForUser(Throwable)
in advance.Copyright © 2001–2014 mmm-Team. All rights reserved.