- From Spring Boot 2.3, the default error response (error page HTML and error JSON) no longer contains error messages or binding errors. This is a measure to prevent unintended error information from being returned in the response.
- By setting property values, you can control whether error information is output.

The items that can be output are described in [DefaultErrorAttributes (Spring Boot 2.3.0.RELEASE API)](https://docs.spring.io/spring-boot/docs/2.3.0.RELEASE/api/org/springframework/boot/web/servlet/error/DefaultErrorAttributes.html) and elsewhere.

- timestamp: Time when the error was extracted
- status: Status code
- error: Reason for error
- exception: Root exception class name
- message: Exception message
- errors: Multiple ObjectErrors (binding errors) set in BindingResult
- trace: Exception stack trace
- path: URL path when the exception occurred
The presence or absence of output can be controlled by setting the values of server.error.include-message (message) and server.error.include-binding-errors in application.properties.
Spring Boot 2.3 Release Notes · spring-projects/spring-boot Wiki · GitHub
> Changes to the Default Error Page’s Content
>
> The error message and any binding errors are no longer included in the default error page by default. This reduces the risk of leaking information to a client. server.error.include-message and server.error.include-binding-errors can be used to control the inclusion of the message and binding errors respectively. Supported values are always, on-param, and never.

- server.error.include-message (controls the output of the message item)
- server.error.include-binding-errors (controls the output of the errors item)
- server.error.include-stacktrace (controls the output of the trace item)
- server.error.include-exception (controls the output of the exception item)
Here are some examples of error responses with some setting patterns. The HTML and JSON listed are formatted for readability.
Spring Boot 2.2
When nothing is specified in application.properties: in Spring Boot 2.2, message and errors are output even with no settings.
JSON
```json
{
  "timestamp": "2020-07-19T06:14:27.622+0000",
  "status": 400,
  "error": "Bad Request",
  "errors": [
    {
      "codes": null,
      "arguments": null,
      "defaultMessage": "Artificially generated foo error",
      "objectName": "fooError",
      "code": null
    },
    {
      "codes": null,
      "arguments": null,
      "defaultMessage": "Artificially generated bar error",
      "objectName": "barError",
      "code": null
    }
  ],
  "message": "Validation failed for object='fooBarData'. Error count: 2",
  "path": "/json"
}
```
HTML
```html
<html><body>
<h1>Whitelabel Error Page</h1>
<p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p>
<div id='created'>Sun Jul 19 15:14:30 JST 2020</div>
<div>There was an unexpected error (type=Bad Request, status=400).</div>
<div>Validation failed for object='fooBarData'. Error count: 2</div>
</body></html>
```
Spring Boot 2.3
When nothing is specified in application.properties: by default, detailed error information is not output.
JSON
```json
{
  "timestamp": "2020-07-19T06:13:46.546+00:00",
  "status": 400,
  "error": "Bad Request",
  "message": "",
  "path": "/json"
}
```
HTML
```html
<html><body>
<h1>Whitelabel Error Page</h1>
<p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p>
<div id='created'>Sun Jul 19 15:13:48 JST 2020</div>
<div>There was an unexpected error (type=Bad Request, status=400).</div>
<div></div>
</body></html>
```
When the following is specified in application.properties, detailed error information is not output.

```properties
server.error.include-message=never
server.error.include-binding-errors=never
server.error.include-stacktrace=never
server.error.include-exception=false
```
JSON
```json
{
  "timestamp": "2020-07-19T06:13:18.720+00:00",
  "status": 400,
  "error": "Bad Request",
  "message": "",
  "path": "/json"
}
```
HTML
```html
<html><body>
<h1>Whitelabel Error Page</h1>
<p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p>
<div id='created'>Sun Jul 19 15:13:22 JST 2020</div>
<div>There was an unexpected error (type=Bad Request, status=400).</div>
<div></div>
</body></html>
```
When the following is specified in application.properties, detailed error information is output.

```properties
server.error.include-message=always
server.error.include-binding-errors=always
server.error.include-stacktrace=always
server.error.include-exception=true
```
JSON
```json
{
  "timestamp": "2020-07-19T06:11:54.165+00:00",
  "status": 400,
  "error": "Bad Request",
  "exception": "org.springframework.validation.BindException",
  "trace": "org.springframework.validation.BindException: org.springframework.validation.BeanPropertyBindingResult: 2 errors\n
    Error in object 'fooError': codes []; arguments []; default message [Artificially generated foo error]\n
    Error in object 'barError': codes []; arguments []; default message [Artificially generated bar error]\n\t
    at example.FooBarRestController.json(FooBarRestController.java:20)
    (Omission)
    java.base/java.lang.Thread.run(Thread.java:832)\n",
  "message": "Validation failed for object='fooBarData'. Error count: 2",
  "errors": [
    {
      "codes": null,
      "arguments": null,
      "defaultMessage": "Artificially generated foo error",
      "objectName": "fooError",
      "code": null
    },
    {
      "codes": null,
      "arguments": null,
      "defaultMessage": "Artificially generated bar error",
      "objectName": "barError",
      "code": null
    }
  ],
  "path": "/json"
}
```
HTML
```html
<html><body>
<h1>Whitelabel Error Page</h1>
<p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p>
<div id='created'>Sun Jul 19 15:11:48 JST 2020</div>
<div>There was an unexpected error (type=Bad Request, status=400).</div>
<div>Validation failed for object='fooBarData'. Error count: 2</div>
<div style='white-space:pre-wrap;'>
org.springframework.validation.BindException: org.springframework.validation.BeanPropertyBindingResult: 2 errors
Error in object 'fooError': codes []; arguments []; default message [Artificially generated foo error]
Error in object 'barError': codes []; arguments []; default message [Artificially generated bar error]
at example.FooBarController.page(FooBarController.java:20)
(Omission)
at java.base/java.lang.Thread.run(Thread.java:832)
</div>
</body></html>
```
The DefaultErrorAttributes class builds error information to be output in JSON or HTML.
spring-boot/DefaultErrorAttributes.java at v2.3.0.RELEASE · spring-projects/spring-boot · GitHub
```java
public Map<String, Object> getErrorAttributes(WebRequest webRequest, boolean includeStackTrace) {
    Map<String, Object> errorAttributes = new LinkedHashMap<>();
    errorAttributes.put("timestamp", new Date());
    addStatus(errorAttributes, webRequest);
    addErrorDetails(errorAttributes, webRequest, includeStackTrace);
    addPath(errorAttributes, webRequest);
    return errorAttributes;
}
```
The HTML for the error page is built in the ErrorMvcAutoConfiguration class.
spring-boot/ErrorMvcAutoConfiguration.java at v2.3.0.RELEASE · spring-projects/spring-boot · GitHub
```java
StringBuilder builder = new StringBuilder();
Date timestamp = (Date) model.get("timestamp");
Object message = model.get("message");
Object trace = model.get("trace");
if (response.getContentType() == null) {
    response.setContentType(getContentType());
}
builder.append("<html><body><h1>Whitelabel Error Page</h1>").append(
        "<p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p>")
        .append("<div id='created'>").append(timestamp).append("</div>")
        .append("<div>There was an unexpected error (type=").append(htmlEscape(model.get("error")))
        .append(", status=").append(htmlEscape(model.get("status"))).append(").</div>");
if (message != null) {
    builder.append("<div>").append(htmlEscape(message)).append("</div>");
}
if (trace != null) {
    builder.append("<div style='white-space:pre-wrap;'>").append(htmlEscape(trace)).append("</div>");
}
builder.append("</body></html>");
```
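
To confirm that a deployed application really returns the reduced Spring Boot 2.3 response, a captured error body can be audited for the detail attributes listed above. The following is an added example, not code from the original article or from Spring Boot; the function names and the shortened sample bodies are constructed for illustration, and the HTML check assumes the Whitelabel page layout produced by the rendering code shown above.

```python
import json
import re

# Attributes from the page's list that reveal internals when present.
DETAIL_KEYS = ("exception", "trace", "errors")

def audit_json(body):
    """Return the detail attributes exposed by a default error JSON body."""
    attrs = json.loads(body)
    found = [k for k in DETAIL_KEYS if k in attrs]
    if attrs.get("message"):  # Spring Boot 2.3 default sends "message": ""
        found.append("message")
    return found

def audit_html(body):
    """Return the detail items exposed by a Whitelabel Error Page."""
    found = []
    if "<div style='white-space:pre-wrap;'>" in body:  # trace container
        found.append("trace")
    # The message is the plain <div> right after the "(type=..., status=...)." div.
    m = re.search(r"status=\d+\)\.</div>\s*<div>(.*?)</div>", body, re.S)
    if m and m.group(1).strip():
        found.append("message")
    return found

# Constructed samples, shortened from the responses shown on this page.
JSON_DEFAULT_23 = ('{"timestamp": "2020-07-19T06:13:46.546+00:00", "status": 400, '
                   '"error": "Bad Request", "message": "", "path": "/json"}')
JSON_VERBOSE = json.dumps({
    "status": 400, "error": "Bad Request",
    "exception": "org.springframework.validation.BindException",
    "trace": "org.springframework.validation.BindException: ...",
    "message": "Validation failed for object='fooBarData'. Error count: 2",
    "errors": [{"defaultMessage": "Artificially generated foo error"}],
    "path": "/json"})
HEAD = ("<html><body><h1>Whitelabel Error Page</h1>"
        "<div>There was an unexpected error (type=Bad Request, status=400).</div>")
HTML_DEFAULT_23 = HEAD + "<div></div></body></html>"
HTML_VERBOSE = (HEAD + "<div>Validation failed for object='fooBarData'. Error count: 2</div>"
                "<div style='white-space:pre-wrap;'>org.springframework.validation"
                ".BindException: ...</div></body></html>")

if __name__ == "__main__":
    for name in ("JSON_DEFAULT_23", "JSON_VERBOSE"):
        print(name, audit_json(globals()[name]))
    for name in ("HTML_DEFAULT_23", "HTML_VERBOSE"):
        print(name, audit_html(globals()[name]))
```

An empty list means the response matches the reduced 2.3 default; any returned name identifies an attribute that one of the `server.error.include-*` properties has switched on.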