Error Handling for REST with Spring

Table of Contents

1. Overview

This article will illustrate how to implement Exception Handling with Spring for a REST API. We’ll look the recommended solution in Spring 3.2, but also at the older solutions available in Spring 3.1 and earlier.

Our main goal is to map Exceptions in the application to HTTP Status Codes published to the client. We will not focus to much on which status codes are suitable for which scenarios.

Before Spring 3.2, the two main approaches to handling exceptions in a Spring MVC application were: HandlerExceptionResolver and the @ExceptionHandler annotation. Spring 3.2 introduced the new @ControllerAdvice annotation to address the limitations of the previous two solutions.

All of these do have one thing in common – they deal with the separation of concerns very well: the standard application code can throw exception normally to indicate a failure of some kind – exceptions which will then be handled via any of the following.

2. Via Controller level @ExceptionHandler

The first solution works at the @Controller level – we will define a method to handle exceptions, and annotate that with @ExceptionHandler:

public class FooController{
    ...
    @ExceptionHandler({ CustomException1.class, CustomException2.class })
    public void handleException() {
        //
    }
}

This approach has a major drawback – the @ExceptionHandler annotated method is only active for that particular Controller, not globally for the entire application. Of course, this makes it not well suited for a generic exception handling mechanism.

This is commonly addressed by having all Controllers extend a Base Controller class – however, this can be a problem for applications where, for whatever reasons, the Controllers cannot be made to extend from such a class. For example, the Controllers may already extend from another base class which may be in another jar or not directly modifiable, or may themselves not be directly modifiable.

Next, we’ll look at another way to solve the exception handling problem – one that is global and does not include any changes to existing artifacts such as Controllers.

3. Via HandlerExceptionResolver

The second solution is to define an HandlerExceptionResolver – this will resolve any exception thrown by the application. It will also allow us to implement a uniform exception handling mechanism in our REST API.

Before going for a custom resolver, let’s go over the existing implementations.

3.1. ExceptionHandlerExceptionResolver

This resolver was introduced in Spring 3.1 and is enabled by default in the DispatcherServlet. This is actually the core component of how the @ExceptionHandler mechanism presented earlier works.

3.2. DefaultHandlerExceptionResolver

This resolver was introduced in Spring 3.0 and is enabled by default in the DispatcherServlet. It is used to resolve standard Spring exceptions to their corresponding HTTP Status Codes, namely Client error – 4xx and Server error – 5xx status codes. Here is the full list of the Spring Exceptions it handles, and how these are mapped to status codes.

While it does set the Status Code of the Response properly, one limitation of this resolver is that it doesn’t set anything to the body of the Response. However, in the context of a REST API, the Status Code is really not enough information to present to the Client – the response has to have a body as well, to allow the application to give additional information about the cause of the failure.

This can be solved by configuring View resolution and rendering error content through ModelAndView, but the solution is clearly not optimal – which is why a better option has been made available with Spring 3.2 – we’ll talk about that in the latter part of this article.

3.3. ResponseStatusExceptionResolver

This resolver was also introduced in Spring 3.0 and is enabled by default in the DispatcherServlet. It’s main responsibility is to use the @ResponseStatus annotation available on custom exceptions and to map these exceptions to HTTP status codes.

Such a custom exception may look like:

@ResponseStatus(value = HttpStatus.NOT_FOUND)
public final class ResourceNotFoundException extends RuntimeException {
    public ResourceNotFoundException() {
        super();
    }
    public ResourceNotFoundException(String message, Throwable cause) {
        super(message, cause);
    }
    public ResourceNotFoundException(String message) {
        super(message);
    }
    public ResourceNotFoundException(Throwable cause) {
        super(cause);
    }
}

Same as the DefaultHandlerExceptionResolver, this resolver is limited in the way it deals with the body of the response – it does map the Status Code on the response, but the body is still null.

3.4. SimpleMappingExceptionResolver and AnnotationMethodHandlerExceptionResolver

The SimpleMappingExceptionResolver has been around for quite some time – it comes out of the older Spring MVC model and is not very relevant for a REST Service. It is used to map exception class names to view names.

The AnnotationMethodHandlerExceptionResolver was introduced in Spring 3.0 to handle exceptions through the @ExceptionHandler annotation, but has been deprecated by ExceptionHandlerExceptionResolver as of Spring 3.2.

3.5. Custom HandlerExceptionResolver

The combination of DefaultHandlerExceptionResolver and ResponseStatusExceptionResolver goes a long way towards providing a good error handling mechanism for a Spring RESTful Service. There is however a major limitation – no control over the body of the response.

Ideally, we’d like to be able to output either JSON or XML, depending on what format the client has asked for (via the Accept header).

This alone justifies creating a new, custom exception resolver:

@Component
public class RestResponseStatusExceptionResolver extends AbstractHandlerExceptionResolver {

    @Override
    protected ModelAndView doResolveException
      (HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
        try {
            if (ex instanceof IllegalArgumentException) {
                return handleIllegalArgument((IllegalArgumentException) ex, response, handler);
            }
            ...
        } catch (Exception handlerException) {
            logger.warn("Handling of [" + ex.getClass().getName() + "] 
              resulted in Exception", handlerException);
        }
        return null;
    }

    private ModelAndView handleIllegalArgument
      (IllegalArgumentException ex, HttpServletResponse response) throws IOException {
        response.sendError(HttpServletResponse.SC_CONFLICT);
        String accept = request.getHeader(HttpHeaders.ACCEPT);
        ...
        return new ModelAndView();
    }
}

One detail to notice here is the Request itself is available, so the application can consider the value of the Accept header sent by the client. For example, if the client asks for application/json then, in case of an error condition, the application should still return a response body encoded with application/json.

The other important implementation detail is that a ModelAndView is returned – this is the body of the response and it will allow the application to set whatever is necessary on it.

This approach is a consistent and easily configurable mechanism for the error handling of a Spring REST Service. It is does however have limitations: it’s interacting with the low level HtttpServletResponse and it fits into the old MVC model which uses ModelAndView – so there’s still room for improvement.

4. Via new @ControllerAdvice (Spring 3.2 And Above)

5. Conclusion

This tutorial discussed several ways to implement an exception handling mechanism for a REST API in Spring, starting with the older mechanism and continuing with the new Spring 3.2 support.

For a full implementation of these exception handling mechanisms working in a real-world REST Service, check out the github project.

I usually post about REST APIs and HTTP on Google+ - you can follow me there:

Get My 3 Spring eBooks
Learn how to properly build Web App with Spring (and how to prototype 90% of it very quickly)
×
Build Web App with Spring (and prototype it to 90% very quickly)

,

  • Federico

    This has been quite helpful but I think there’s a missing piece. To write content when access is denied I had to configure the app like this:

    ….

    • baeldung

      These techniques are mainly security agnostic. In the case of a Spring Security enabled application, I’ll take a crack at an example soon and follow up on this thread.
      Cheers,
      Eugen.

      • Eric B

        @baeldung:disqus Have you had a chance to put together a Spring Security example yet for exception handling? I too have only come up with the solution presented by @Federico but would like to find something more central that I can use as a resolver as opposed to having a resolver for my MVC component and a Handler for my security component.

        • http://www.baeldung.com/ Eugen Paraschiv

          Not yet Eric – I’m planning to work on that at some point, but haven’t had to much time to write lately. I’m hopping to get to it soon. Cheers,
          Eugen.

  • Rodislav Moldovan

    for REST api’s I usually create special class called [Response] with 3 fields, isError, message, data, in other cases I write the error messages through the modelView directly into page

    usually, I don’t use generic handlers, but after reading this post I think I’ll give them a try

    • http://www.baeldung.com/ Eugen Paraschiv

      In my view – they’re not mutually exclusive – in fact, instead of the simple “This should be application specific” String, I use a very similar class – I have yet to write about it, but basically it replaces that String.
      Let me know how using the generic handler goes for you.
      Cheers,
      Eugen.