zalando
Exceptions annoted with ResponseStatus not converted to Problem on 0.26.x when using Spring Security
Exceptions that are annoted with a @ResponseStatus do not return a "Problem Response" with content-type application/problem+json once the Spring Security Starter is on the classpath.
This error does not appear when using version 0.25.2 only when updating to a version >= 0.26.0
Description
The autoconfiguration is invoked, but the method still returns application/json and the default spring boot error json:
import org.springframework.boot.autoconfigure.SpringBootApplication
import org.springframework.boot.runApplication
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpStatus
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.ResponseStatus
import org.springframework.web.bind.annotation.RestController
@SpringBootApplication
class ProblemStarterWebIssueApplication
fun main(args: Array<String>) {
runApplication<ProblemStarterWebIssueApplication>(*args)
}
@RestController
@RequestMapping("/hello")
class HelloWorldController {
@GetMapping
fun sayHello() {
throw HelloNotFoundException()
}
}
@ResponseStatus(HttpStatus.NOT_FOUND)
class HelloNotFoundException() : RuntimeException("Hello not found")
@Configuration
class SecurityConfig() : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http.anonymous().and().authorizeRequests().anyRequest().permitAll()
}
}
Expected Behavior
Calling GET http://localhost:8080/hello returns a response with mediatype application/problem+json and a corresponding body.
Actual Behavior
A response with mediatype application/json is returned and the body matches the default spring boot error view json.
Possible Fix
Steps to Reproduce
- Create a Spring Boot project with web + security + kotlin
- Paste the code above in the main application file
- Execute the following test:
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.http.HttpHeaders
import org.springframework.http.MediaType
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import org.zalando.problem.spring.common.MediaTypes
@SpringBootTest
@AutoConfigureMockMvc
class ProblemStarterWebIssueApplicationTests {
@Autowired
lateinit var mockMvc: MockMvc
@Test
fun testProblemSupport() {
mockMvc.get("/hello") {
accept(MediaType.APPLICATION_JSON)
}.andExpect {
status { isNotFound }
header { string(HttpHeaders.CONTENT_TYPE, MediaTypes.PROBLEM_VALUE) }
}
}
}
- The test will fail
Context
Your Environment
- Version used: 0.26.2, kotlin 1.3.72 and 1.4.10 (both affected), spring boot 2.3.3 + 2.3.4
- Link to your project: project is not open sourced, reproducer is here: https://github.com/fr1zle/problem-web-issue
1. Create a Spring Boot project with web + security + kotlin
Can you post a sample pom/build file with the dependencies that yo used? Or could you create a small sample project on Github to reproduce it?
Sure, i pushed the sample including the test here: https://github.com/fr1zle/problem-web-issue
I won't have time to work on this any time soon. If anyone wants to tackle this, any help would be highly appreciated.
Any hints to where to look first? Took me a while to reproduce this, but I am willing to dig deeper with a few hints.
If it's a regression since the latest release then I'd start with a diff and check for interesting changes.
On Thu, 8 Oct 2020, 18:28 Timm Hirsens, [email protected] wrote:
Any hints to where to look first? Took me a while to reproduce this, but I am willing to dig deeper with a few hints.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/zalando/problem-spring-web/issues/541#issuecomment-705683089, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADI7HJPPM63WVJD3DBREXTSJXSCTANCNFSM4R6H7RGQ .