net.sf.mmm.util.exception.api

Interface ExceptionUtil

All Superinterfaces:

ExceptionUtilLimited, Security

All Known Implementing Classes:

ExceptionUtilImpl

@ComponentSpecification
public interface ExceptionUtil
extends ExceptionUtilLimited, Security

This is the interface for a collection of utility functions to deal with exceptions (Throwables). It is especially useful for converting exceptions at application barriers, e.g. to prevent violating the OWASP principle sensitive data exposure.

Since:

4.0.0

Author:

Joerg Hohwiller (hohwille at users.sourceforge.net)

Field Summary

Fields

Modifier and Type	Field and Description
static String	CDI_NAME The CDI name.
static StackTraceElement[]	NO_STACKTRACE The empty stacktrace.

Method Summary

Modifier and Type	Method and Description
Throwable	convertForClient(Throwable exception) Converts the given exception for the client.
Throwable	convertForSerialization(Throwable exception, ExceptionTruncation truncation) Converts the given exception so it is ensured to be serializable.
Throwable	convertForUser(Throwable exception, ExceptionTruncation truncation) Converts the given exception for end-users with potential truncation.

Methods inherited from interface net.sf.mmm.util.exception.api.ExceptionUtilLimited

convertForUser, getStacktrace

Field Detail

CDI_NAME

static final String CDI_NAME

The CDI name.

See Also:

Constant Field Values

NO_STACKTRACE

static final StackTraceElement[] NO_STACKTRACE

The empty stacktrace.

Method Detail

convertForSerialization

Throwable convertForSerialization(Throwable exception,
                                  ExceptionTruncation truncation)

Converts the given exception so it is ensured to be serializable.

Parameters:

exception - is the Throwable to convert.

truncation - the ExceptionTruncation to configure if details shall be removed. E.g. ExceptionTruncation.REMOVE_ALL.

Returns:

a serializable variant of the given exception. Guaranteed to implement NlsThrowable. By default an instance of GenericSerializableException.

See Also:

GenericSerializableException, NlsThrowable.createCopy(ExceptionTruncation)

convertForUser

Throwable convertForUser(Throwable exception,
                         ExceptionTruncation truncation)

Converts the given exception for end-users with potential truncation.

Parameters:

exception - is the exception to wrap.

truncation - the ExceptionTruncation to configure if details shall be removed. E.g. ExceptionTruncation.REMOVE_ALL.

Returns:

the converted exception. Will be an instance of NlsThrowable.

See Also:

ExceptionUtilLimited.convertForUser(Throwable)

convertForClient

Throwable convertForClient(Throwable exception)

Converts the given exception for the client. With client we mean any kind of system that calls the current application via a remote interface. This can be a user-interface client, a different server application, or the like. If the exception would be send to the client as is, then all exception classes have to be available on the client side for de-serialization and all error details are exposed to the client violating the OWASP principle sensitive data exposure.
The suggested implementation should behave as following:

• Details are removed according to the current environment. In development environment and test environment the details should be retained to support debugging. However, in environments close to production, the details shall be removed.
• Exceptions are converted for the end-user so that confusion with technical details and exposure of internals in messages is avoided.
• Potentially exceptions are converted for serialization.

ATTENTION:
It is not the task of this utility to log exceptions. Instead this shall be done before this method is invoked. To make use of the features of NlsThrowable such as the UUID that is logged and transferred to the client, you should call ExceptionUtilLimited.convertForUser(Throwable) in advance.

Parameters:

exception - is the Throwable that has been catched at an application boundary.

Returns:

the converted Throwable.