Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    IDACall: Display error message

    Hi Isomorphic,

    my goal is that my app is using one big war file, currently is using many war files.
    That's why I have to add some security checks.

    First example is here:
    Code:
    public class LMSIDACall extends IDACall {
    /**
     * Called for every request received from the client. Server requests do not go though this.
     */
    @Override
    public void processRequest(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ServletException, IOException {
        long userId = User.getUserId(servletRequest);
        String domainName = User.getDomainName(servletRequest);

        if (domainName != null && !domainName.equals(servletRequest.getServerName())) {
            handleError(servletResponse, "Good try! You're caught!", new Throwable("Error message"));
        } else
            try {
                .....
            } catch (Throwable e) {
                handleError(servletResponse, e);
            }
    }
}
    Is there any other way I can use, in order to display the error with message I want?
    Because if an error occurs in this area, so that I can immediately know where it comes from.
    The error is now displayed only in the log. For the client, error message is: "The server failed to return a formatted response at all."

    Btw.
    1) Method "handleError" is not in the docs.
    2 )In this example: Example processRequest is not "overridden".

    Best regards
    Pavo
    Tags: None
    #2
    You should not call undocumented methods, and there is no need to here.

    Typically you would do security checks further downstream, and use standard error handling approaches, such as returning a DSRequest or RPCRequest with an error code set. In this way you can get a particular message to appear for an end user.

    If you are trying to block a hack attempt - in other words a condition that would not accidentally arise for an end user - then there is no need to display a good error message. Just stopping processing is enough.

    Comment

      #3
      Please take a look this example here processRequest
      This method is not documented but it's used in this example in docs,, which means I can use it?

      Comment

        #4
        IDACall.processRequest is a documented API.

        Comment

          #5
          Sorry, my fault. I've mixed docs for IDACall and DataSourceLoader.

          Can I use undocumented method
          Code:
          handleError(servletResponse, "Good try! You're caught!", new Throwable("Error message"));
          as I mentioned in first post? Or there is some better way. Is this enough and good way to stopping processing?
          Last edited by pavo123; 12 Nov 2018, 07:53.

          Comment

            #6
            I've thought that post #2 refers to API "processRequest", but that's documented.
            Can you maybe docs method "handleError", or something similar so I can easily stop the process?
            Last edited by pavo123; 12 Nov 2018, 08:12.

            Comment

              #7
              If you simply don't call super, processing is stopped.

              Comment

                #8
                Thank you. The simplest things sometimes look difficult. Although I still think it would be good that request end with some "error exception" and not just stop.
                Last edited by pavo123; 13 Nov 2018, 06:48. Reason: Original post

                Comment

                  #9
                  We explained above how you could provide an error message to an end user, and why you might not want to. You can also, of course, write out some kind of error message using standard servlet APIs - nothing is stopping you.

                  Comment

                    #10
                    Hi Isomorphic,

                    thanks for tips, explanation and your time.

                    Just one note: In this sample requiresRole has been using an undocumented method "handleError(response, e);". You might want to know that.

                    Best regards
                    Pavo
                    Last edited by pavo123; 13 Nov 2018, 07:52.

                    Comment

                      #11
                      FYI we've officially documented handleError(...) API, since it appears in sample code. However, as previously noted in this thread, it's still not required to handle your use case.

                      Comment

                        #12
                        Understood. But I also use this "sample code", that's why I mentioned this.

                        Comment

                        Previous template Next
                        Working...
                        X