0

I've implemented a custom error controller to show the user custom error views. I followed a tutorial (can't find it anymore), so my controller looks like this:

@Controller
public class CustomErrorController implements ErrorController {

    @RequestMapping("/error")
    public String handleError(HttpServletRequest request) {
        Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);

        if (status != null) {
            Integer statusCode = Integer.valueOf(status.toString());

            if (statusCode == HttpStatus.FORBIDDEN.value()) {
                return "error/403";
            } else if (statusCode == HttpStatus.NOT_FOUND.value()) {
                return "error/404";
            } else if (statusCode == HttpStatus.INTERNAL_SERVER_ERROR.value()) {
                return "error/500";
            }
        }
        return "error/default";
    }

    @Override
    public String getErrorPath() {
        return "/error";
    }

}

So far so good, but since May 17, 2019 SonarQube complains about a @RequestMapping without a method. So I added the 4 methods I am using:

@RequestMapping(value = "/error", method = { RequestMethod.GET, RequestMethod.POST, RequestMethod.PUT,
            RequestMethod.DELETE })

But Sonar now complains that I have too many methods. So what is the correct way to implement a custom ErrorController that complies with this Sonar rule?

Thomas
  • 6,325
  • 4
  • 30
  • 65

3 Answers3

0

Since that is your "default error page" route, it will always be GET due to redirection, so you can safely change to @GetMapping.

Antoniossss
  • 31,590
  • 6
  • 57
  • 99
  • Oh, I haven't thought of that. So even there is an error in a POST the error controller will be executed as a GET? – Thomas Jun 06 '19 at 07:29
  • Ye because you you will get redirection to /error - and that will be finalized with GET by the browser. – Antoniossss Jun 06 '19 at 07:29
  • This answer is not correct. Spring will _not_ send a redirect back to the browser but will redirect to the ErrorController internally - and request sent to the ErrorController will have the same method as the original request that caused the error. – Johan Kaving Jul 08 '21 at 07:43
0

Follow this and write in web.xml

<display-name>App Name </display-name>
<error-page>
<error-code>500</error-code>
<location>/error500.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error404.jsp</location>
</error-page>

Spring MVC: How to return custom 404 errorpages?

Govind Sharma
  • 127
  • 1
  • 4
  • I don't have a web.xml I am using Spring-Boot and beside the application.properties everything is done in code and not XML, but thanks. – Thomas Jun 06 '19 at 07:47
0

You can suppress the specific Sonar rule using @SuppressWarnings("squid:S3752"), like this:

@Controller
public class CustomErrorController implements ErrorController {

    @SuppressWarnings("squid:S3752")
    @RequestMapping("/error")
    public String handleError(HttpServletRequest request) {
        ...
    }

It is better to disable just this specific rule using @SuppressWarnings, rather than, as suggested in a comment, disabling Sonar completely for the line using //NOSONAR (see this question).

The answer by Antoniossss (changing to @GetMapping) is unfortunately not correct.
Spring will not send a redirect back to the browser but will redirect to your CustomErrorController internally - and the redirected request will use the same method as the original request that caused the error.
If you limit the handleError() method to only handle the GET method the client will get a 405 Method not allowed response if the original request was a POST.

Johan Kaving
  • 4,870
  • 1
  • 27
  • 21