java.lang.Object
java.lang.Throwable
java.lang.Exception
java.lang.RuntimeException
de.cuioss.http.security.exceptions.UrlSecurityException
- All Implemented Interfaces:
Serializable
Main exception for HTTP security validation failures.
Extends RuntimeException to enable clean functional interface usage and fail-fast behavior.
Design Principles
- Fail Secure - Throws on any security violation for immediate handling
- Rich Context - Provides detailed failure information for debugging and logging
- Builder Pattern - Fluent API for exception construction
- Immutable - All fields are final and thread-safe
Usage Examples
// Simple security violation
throw UrlSecurityException.builder()
    .failureType(UrlSecurityFailureType.PATH_TRAVERSAL_DETECTED)
    .validationType(ValidationType.URL_PATH)
    .originalInput("../../../etc/passwd")
    .build();

// Detailed violation with sanitized input
throw UrlSecurityException.builder()
    .failureType(UrlSecurityFailureType.INVALID_CHARACTER)
    .validationType(ValidationType.PARAMETER_VALUE)
    .originalInput("user<script>test(1)</script>")
    .sanitizedInput("userscripttest1script")
    .detail("Removed script tags and special characters")
    .build();

// Chained exception
throw UrlSecurityException.builder()
    .failureType(UrlSecurityFailureType.INVALID_ENCODING)
    .validationType(ValidationType.URL_PATH)
    .originalInput("%ZZ%invalid")
    .cause(originalException)
    .build();
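The catching side of the usage examples above, as an added example that is not part of the library's own documentation: one rejected path is dropped (fail secure) and the log entry is built only from the optional context fields. The class name `RejectingPathFilter` and the caller-supplied `validator` are assumptions; only `getSanitizedInput()` and `getDetail()` are taken from this page.

```java
import de.cuioss.http.security.exceptions.UrlSecurityException;

import java.util.ArrayList;
import java.util.List;
import java.util.function.UnaryOperator;
import java.util.logging.Logger;

/** Added example: catch-side handling. The validator is supplied by the caller (assumption). */
public final class RejectingPathFilter {

    private static final Logger LOG = Logger.getLogger(RejectingPathFilter.class.getName());

    private RejectingPathFilter() {
    }

    /**
     * Returns only the paths the validator accepted. A UrlSecurityException
     * rejects that single path (fail secure); the raw value is never passed on.
     * Because the exception is unchecked, the validator fits a plain UnaryOperator.
     */
    public static List<String> acceptedPaths(List<String> rawPaths, UnaryOperator<String> validator) {
        List<String> accepted = new ArrayList<>();
        for (String raw : rawPaths) {
            try {
                accepted.add(validator.apply(raw));
            } catch (UrlSecurityException e) {
                LOG.warning(logLine(e));
            }
        }
        return accepted;
    }

    /** Builds a single-line log entry from the optional context fields. */
    static String logLine(UrlSecurityException e) {
        // Both getters return Optional, so absent context needs an explicit fallback.
        String shown = e.getSanitizedInput().orElse("<no sanitized input>");
        String detail = e.getDetail().orElse("<no detail>");
        return "URL rejected: input=" + singleLine(shown) + " detail=" + singleLine(detail);
    }

    /** Replaces control characters so a rejected value cannot add fake log lines. */
    static String singleLine(String value) {
        return value.replaceAll("\\p{Cntrl}", "?");
    }
}
```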
Implements: Task B2 from HTTP verification specification
- Since:
- 1.0
Method Summary
Methods inherited from class java.lang.Throwable
addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace
Method Details
getSanitizedInput
Gets the sanitized version of the input, if available.
- Returns:
- The sanitized input wrapped in Optional, or empty if not provided
getDetail
Gets additional detail about the security failure.
- Returns:
- Additional detail wrapped in Optional, or empty if not provided
toString