-
Notifications
You must be signed in to change notification settings - Fork 6.1k
Add URL to RequestRejectedException when rejecting requests #5107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Thanks for the report. Is there a reason the server cares? I would think that the client would need to change behavior so it would know what request caused the error. |
Hi @rwinch, my application is a monolith consisting of a REST backend with a few hundred REST endpoints and an ExtJS frontend. Since upgrading to Spring Boot 2 the application logged some RequestRejectedExceptions but I had no idea what caused the problem. Unfortunately the end users don't report every problem ;) In the meantime I've installed a custom ServletFilter that logs the RequestRejectedExceptions together with the called URL but I think that Spring Security itself should log enough information to be able to analyze such exceptions. Regards, |
Thanks for the additional information. I'm going to log this as a duplicate of #5007 which is already asking for an improved way to handle the |
Did you mean #5007 ? :) |
Thanks updated my comment to make it easier to follow along |
Summary
When a request gets rejected by the StrictHttpFirewall the URL will not be logged. So it's very hard to find out which client, frontend or else caused the issue.
Actual Behavior
When a request gets rejected by the StrictHttpFirewall the error message only states why a request was blocked but not which URL was called.
Expected Behavior
When a request gets blocked by the StrictHttpFirewall the exception should contain the URL which was called.
Version
spring-security-web 5.0.3.RELEASE
The text was updated successfully, but these errors were encountered: