1. Overview

In this tutorial – we'll discuss how to implement an global error handler for a Spring REST API.

We will use the semantics of each exception to build out meaningful error messages for client, with the clear goal of giving that client all the info to easily diagnose the problem.

Further reading: Spring ResponseStatusException Learn how to apply status codes to HTTP responses in Spring with ResponseStatusException. Read more → Error Handling for REST with Spring Exception Handling for a REST API - illustrate the new Spring 3.2 recommended approach as well as earlier solutions . Read more →

2. A Custom Error Message

Let's start by implementing a simple structure for sending errors over the wire – the ApiError:

public class ApiError { private HttpStatus status; private String message; private List<String> errors; public ApiError(HttpStatus status, String message, List<String> errors) { super(); this.status = status; this.message = message; this.errors = errors; } public ApiError(HttpStatus status, String message, String error) { super(); this.status = status; this.message = message; errors = Arrays.asList(error); } }

The information here should be straightforward:

status: the HTTP status code

message: the error message associated with exception

error: List of constructed error messages

And of course, for the actual exception handling logic in Spring, we'll use the @ControllerAdvice annotation:

@ControllerAdvice public class CustomRestExceptionHandler extends ResponseEntityExceptionHandler { ... }

3. Handle Bad Request Exceptions

3.1. Handling the Exceptions

Now, let's see how we can handle the most common client errors – basically scenarios of a client sent an invalid request to the API:

BindException: This exception is thrown when fatal binding errors occur.

MethodArgumentNotValidException: This exception is thrown when argument annotated with @Valid failed validation:

@Override protected ResponseEntity<Object> handleMethodArgumentNotValid( MethodArgumentNotValidException ex, HttpHeaders headers, HttpStatus status, WebRequest request) { List<String> errors = new ArrayList<String>(); for (FieldError error : ex.getBindingResult().getFieldErrors()) { errors.add(error.getField() + ": " + error.getDefaultMessage()); } for (ObjectError error : ex.getBindingResult().getGlobalErrors()) { errors.add(error.getObjectName() + ": " + error.getDefaultMessage()); } ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), errors); return handleExceptionInternal( ex, apiError, headers, apiError.getStatus(), request); }

As you can see, we are overriding a base method out of the ResponseEntityExceptionHandler and providing our own custom implementation.

That's not always going to be the case – sometimes we're going to need to handle a custom exception that doesn't have a default implementation in the base class, as we'll get to see later on here.

Next:

MissingServletRequestPartException: This exception is thrown when when the part of a multipart request not found

MissingServletRequestParameterException: This exception is thrown when request missing parameter:

@Override protected ResponseEntity<Object> handleMissingServletRequestParameter( MissingServletRequestParameterException ex, HttpHeaders headers, HttpStatus status, WebRequest request) { String error = ex.getParameterName() + " parameter is missing"; ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), error); return new ResponseEntity<Object>( apiError, new HttpHeaders(), apiError.getStatus()); }

ConstrainViolationException: This exception reports the result of constraint violations:

@ExceptionHandler({ ConstraintViolationException.class }) public ResponseEntity<Object> handleConstraintViolation( ConstraintViolationException ex, WebRequest request) { List<String> errors = new ArrayList<String>(); for (ConstraintViolation<?> violation : ex.getConstraintViolations()) { errors.add(violation.getRootBeanClass().getName() + " " + violation.getPropertyPath() + ": " + violation.getMessage()); } ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), errors); return new ResponseEntity<Object>( apiError, new HttpHeaders(), apiError.getStatus()); }

TypeMismatchException: This exception is thrown when try to set bean property with wrong type.

MethodArgumentTypeMismatchException: This exception is thrown when method argument is not the expected type:

@ExceptionHandler({ MethodArgumentTypeMismatchException.class }) public ResponseEntity<Object> handleMethodArgumentTypeMismatch( MethodArgumentTypeMismatchException ex, WebRequest request) { String error = ex.getName() + " should be of type " + ex.getRequiredType().getName(); ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), error); return new ResponseEntity<Object>( apiError, new HttpHeaders(), apiError.getStatus()); }

3.2. Consuming the API from the Client

Let's now have a look at a a test that runs into a MethodArgumentTypeMismatchException: we'll send a request with id as String instead of long:

@Test public void whenMethodArgumentMismatch_thenBadRequest() { Response response = givenAuth().get(URL_PREFIX + "/api/foos/ccc"); ApiError error = response.as(ApiError.class); assertEquals(HttpStatus.BAD_REQUEST, error.getStatus()); assertEquals(1, error.getErrors().size()); assertTrue(error.getErrors().get(0).contains("should be of type")); }

And finally – considering this same request: :

Request method: GET Request path: http://localhost:8080/spring-security-rest/api/foos/ccc

Here's what this kind of JSON error response will look like:

{ "status": "BAD_REQUEST", "message": "Failed to convert value of type [java.lang.String] to required type [java.lang.Long]; nested exception is java.lang.NumberFormatException: For input string: \"ccc\"", "errors": [ "id should be of type java.lang.Long" ] }

4. Handle NoHandlerFoundException

Next, we can customize our servlet to throw this exception instead of send 404 response – as follows:

<servlet> <servlet-name>api</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>throwExceptionIfNoHandlerFound</param-name> <param-value>true</param-value> </init-param> </servlet>

Then, once this happens, we we can simply handle it just as any other exception:

@Override protected ResponseEntity<Object> handleNoHandlerFoundException( NoHandlerFoundException ex, HttpHeaders headers, HttpStatus status, WebRequest request) { String error = "No handler found for " + ex.getHttpMethod() + " " + ex.getRequestURL(); ApiError apiError = new ApiError(HttpStatus.NOT_FOUND, ex.getLocalizedMessage(), error); return new ResponseEntity<Object>(apiError, new HttpHeaders(), apiError.getStatus()); }

Here is a simple test:

@Test public void whenNoHandlerForHttpRequest_thenNotFound() { Response response = givenAuth().delete(URL_PREFIX + "/api/xx"); ApiError error = response.as(ApiError.class); assertEquals(HttpStatus.NOT_FOUND, error.getStatus()); assertEquals(1, error.getErrors().size()); assertTrue(error.getErrors().get(0).contains("No handler found")); }

Let's have a look at the full request:

Request method: DELETE Request path: http://localhost:8080/spring-security-rest/api/xx

And the error JSON response:

{ "status":"NOT_FOUND", "message":"No handler found for DELETE /spring-security-rest/api/xx", "errors":[ "No handler found for DELETE /spring-security-rest/api/xx" ] }

5. Handle HttpRequestMethodNotSupportedException

Next, let's have a look at another interesting exception – the HttpRequestMethodNotSupportedException – which occurs when you send a requested with an unsupported HTTP method:

@Override protected ResponseEntity<Object> handleHttpRequestMethodNotSupported( HttpRequestMethodNotSupportedException ex, HttpHeaders headers, HttpStatus status, WebRequest request) { StringBuilder builder = new StringBuilder(); builder.append(ex.getMethod()); builder.append( " method is not supported for this request. Supported methods are "); ex.getSupportedHttpMethods().forEach(t -> builder.append(t + " ")); ApiError apiError = new ApiError(HttpStatus.METHOD_NOT_ALLOWED, ex.getLocalizedMessage(), builder.toString()); return new ResponseEntity<Object>( apiError, new HttpHeaders(), apiError.getStatus()); }

Here is a simple test reproducing this exception:

@Test public void whenHttpRequestMethodNotSupported_thenMethodNotAllowed() { Response response = givenAuth().delete(URL_PREFIX + "/api/foos/1"); ApiError error = response.as(ApiError.class); assertEquals(HttpStatus.METHOD_NOT_ALLOWED, error.getStatus()); assertEquals(1, error.getErrors().size()); assertTrue(error.getErrors().get(0).contains("Supported methods are")); }

And here's the full request:

Request method: DELETE Request path: http://localhost:8080/spring-security-rest/api/foos/1

And the error JSON response:

{ "status":"METHOD_NOT_ALLOWED", "message":"Request method 'DELETE' not supported", "errors":[ "DELETE method is not supported for this request. Supported methods are GET " ] }

6. Handle HttpMediaTypeNotSupportedException

Now, let's handle HttpMediaTypeNotSupportedException – which occurs when the client send a request with unsupported media type – as follows:

@Override protected ResponseEntity<Object> handleHttpMediaTypeNotSupported( HttpMediaTypeNotSupportedException ex, HttpHeaders headers, HttpStatus status, WebRequest request) { StringBuilder builder = new StringBuilder(); builder.append(ex.getContentType()); builder.append(" media type is not supported. Supported media types are "); ex.getSupportedMediaTypes().forEach(t -> builder.append(t + ", ")); ApiError apiError = new ApiError(HttpStatus.UNSUPPORTED_MEDIA_TYPE, ex.getLocalizedMessage(), builder.substring(0, builder.length() - 2)); return new ResponseEntity<Object>( apiError, new HttpHeaders(), apiError.getStatus()); }

Here is a simple test running into this issue:

@Test public void whenSendInvalidHttpMediaType_thenUnsupportedMediaType() { Response response = givenAuth().body("").post(URL_PREFIX + "/api/foos"); ApiError error = response.as(ApiError.class); assertEquals(HttpStatus.UNSUPPORTED_MEDIA_TYPE, error.getStatus()); assertEquals(1, error.getErrors().size()); assertTrue(error.getErrors().get(0).contains("media type is not supported")); }

Finally – here's a sample request:

Request method: POST Request path: http://localhost:8080/spring-security- Headers: Content-Type=text/plain; charset=ISO-8859-1

And the error JSON response:

{ "status":"UNSUPPORTED_MEDIA_TYPE", "message":"Content type 'text/plain;charset=ISO-8859-1' not supported", "errors":["text/plain;charset=ISO-8859-1 media type is not supported. Supported media types are text/xml application/x-www-form-urlencoded application/*+xml application/json;charset=UTF-8 application/*+json;charset=UTF-8 */" ] }

7. Default Handler

Finally, let's implement a fall-back handler – a catch-all type of logic that deals with all other exceptions that don't have specific handlers:

@ExceptionHandler({ Exception.class }) public ResponseEntity<Object> handleAll(Exception ex, WebRequest request) { ApiError apiError = new ApiError( HttpStatus.INTERNAL_SERVER_ERROR, ex.getLocalizedMessage(), "error occurred"); return new ResponseEntity<Object>( apiError, new HttpHeaders(), apiError.getStatus()); }

8. Conclusion

Building a proper, mature error handler for a Spring REST API is tough and definitely an iterative process. Hopefully, this tutorial will be a good starting point towards doing that for your API and also a good anchor for how you should look at helping the clients of your API quickly and easily diagnose errors and move past them.

The full implementation of this tutorial can be found in the Github project – this is an Eclipse based project, so it should be easy to import and run as it is.