Closed oleborup closed 5 months ago
With Spring Boot 3.2 and Jetty 12, you can suppress the body of an error that occurs in a situation where it cannot be handled by Spring Boot with the following customizer and error handler:
@Bean
JettyServerCustomizer customizer() {
return (server) -> {
ErrorHandler errorHandler = new NoBodyErrorHandler();
server.setErrorHandler(errorHandler);
server.getHandlers().forEach((handler) -> {
if (handler instanceof WebAppContext webAppContext) {
webAppContext.addConfiguration(new AbstractConfiguration(new AbstractConfiguration.Builder()) {
@Override
public void configure(WebAppContext context) throws Exception {
context.setErrorHandler(errorHandler);
}
});
}
});
};
}
static class NoBodyErrorHandler extends ErrorHandler {
@Override
protected void writeErrorHtml(Request request, Writer writer, Charset charset, int code, String message,
Throwable cause, boolean showStacks) throws IOException {
}
}
With this in place, all three tests in your sample should now pass.
Works! Thanks @wilkinsona 🙏
We use Spring Boot with Jetty and Jersey for microservices. For security reasons we want to expose as little server identification and implementation details as possible. After Spring Boot 3.x upgrade, Jetty embedded webserver shows Jetty standard error page on invalid requests with servlet and stack trace. Spring Boot properties should not allow this:
Version and settings
Spring Boot 3.2.4 (Jetty 12.0.7) Java 17
We use
spring.jersey.type=filter
but have same problem withservlet
. Other than that no altered properties.Example project
https://github.com/oleborup/spring-boot-jetty-jersey-error-handling
To reproduce:
Two tests fail. One requests with invalid
Content-Type
the other with invalid URI/}}
.First produces:
The second also shows stack trace
Observations
Works correctly with
spring-boot-starter-undertow
.Using
spring.jersey.type=servlet
the second test does not show stack trace, but still:We have previously implemented custom Jetty error handler to not leak implementation details, but stopped working with upgrade to Spring Boot 3. Have not figured out how to make a custom error handler with Spring Boot 3.2 and Jetty 12, or if that could resolve the issue. Would prefer to only rely on standard Spring Boot properties.