Original issue MVC_SPEC-70 created by Christian Kaltepoth:
Ozark currently throws a CsrfValidationException if a controller method requires a valid CSRF token but the CSRF token validation failed. There is a default exception mapper that handles this exception. The goal of introducing this exception was that users can create a custom ExceptionMapper for it to customize the error handling.
We discussed this on the list and decided that this should be moved to the spec.
Original issue MVC_SPEC-70 created by Christian Kaltepoth:
Ozark currently throws a
CsrfValidationException
if a controller method requires a valid CSRF token but the CSRF token validation failed. There is a default exception mapper that handles this exception. The goal of introducing this exception was that users can create a customExceptionMapper
for it to customize the error handling.We discussed this on the list and decided that this should be moved to the spec.
https://java.net/projects/mvc-spec/lists/jsr371-experts/archive/2016-03/message/15
Unfortunately JAX-RS doesn't handle multiple exceptions mappers for the same type very well:
https://java.net/projects/jax-rs-spec/lists/users/archive/2016-07/message/3
Therefore we should postpone this feature and wait for JAX-RS to resolve this.