JBoss.orgCommunity Documentation

Chapter 30. Exception Handling

30.1. Exception Mappers

ExceptionMappers are custom, application provided, components that can catch thrown application exceptions and write specific HTTP responses. They are classes annotated with @Provider and implement this interface

         package jakarta.ws.rs.ext;

         import jakarta.ws.rs.core.Response;

         * Contract for a provider that maps Java exceptions to
         * {@link jakarta.ws.rs.core.Response}. An implementation of this interface must
         * be annotated with {@link Provider}.
         * @see Provider
         * @see jakarta.ws.rs.core.Response
         public interface ExceptionMapper<E>
            * Map an exception to a {@link jakarta.ws.rs.core.Response}.
            * @param exception the exception to map to a response
            * @return a response mapped from the supplied exception
            Response toResponse(E exception);

When an application exception is thrown it will be caught by the Jakarta RESTful Web Services runtime. Jakarta RESTful Web Services will then scan registered ExceptionMappers to see which one support marshalling the exception type thrown. Here is an example of ExceptionMapper

         public class EJBExceptionMapper implements ExceptionMapper<jakarta.ejb.EJBException>
            public Response toResponse(EJBException exception) {
               return Response.status(500).build();

ExceptionMappers are registered the same way as MessageBodyReader/Writers. By scanning for @Provider annotated classes, or programmatically through the ResteasyProviderFactory class.

As of RESTEasy 6.1 if a default ExceptionMapper is registered. It handles all uncaught exceptions and returns a response with the exception's message and a status of 500. If the exception is a WebApplicationException the response from the exception is returned. This can be turned off by setting the dev.resteasy.exception.mapper to false.

The default ExceptionMapper will also log the exception at a error level. The logger name is org.jboss.resteasy.core.providerfactory.DefaultExceptionMapper which can be used to disable these log messages.

30.2. RESTEasy Built-in Internally-Thrown Exceptions

RESTEasy has a set of built-in exceptions that are thrown when it encounters errors during dispatching or marshalling. They all revolve around specific HTTP error codes. They can be found in RESTEasy's javadoc under the package org.jboss.resteasy.spi. Here's a list of them:

Table 30.1. 
ExceptionHTTP CodeDescription
ReaderException400All exceptions thrown from MessageBodyReaders are wrapped within this exception. If there is no ExceptionMapper for the wrapped exception or if the exception isn't a WebApplicationException, then resteasy will return a 400 code by default.
WriterException500All exceptions thrown from MessageBodyWriters are wrapped within this exception. If there is no ExceptionMapper for the wrapped exception or if the exception isn't a WebApplicationException, then resteasy will return a 400 code by default.
o.j.r.plugins.providers.jaxb.JAXBUnmarshalException400The Jakarta XML Binding providers throw this exception on reads. They may be wrapping JAXBExceptions. This class extends ReaderException
o.j.r.plugins.providers.jaxb.JAXBMarshalException500The Jakarta XML Binding providers throw this exception on writes. They may be wrapping JAXBExceptions. This class extends WriterException
ApplicationExceptionN/AThis exception wraps all exceptions thrown from application code. It functions much in the same way as InvocationTargetException. If there is an ExceptionMapper for wrapped exception, then that is used to handle the request.
FailureN/AInternal RESTEasy. Not logged
LoggableFailureN/AInternal RESTEasy error. Logged
DefaultOptionsMethodExceptionN/AIf the user invokes HTTP OPTIONS and no Jakarta RESTful Web Services method for it, RESTEasy provides a default behavior by throwing this exception. This is only done if the property dev.resteasy.throw.options.exception is set to true.
UnrecognizedPropertyExceptionHandler400A Jackson provider throws this exception when JSON data is determine to be invalid.

30.3. Resteasy WebApplicationExceptions

Suppose a client at local.com calls the following resource method:

   public String remote() throws Exception {
      Client client = ClientBuilder.newClient();
      return client.target("http://third.party.com/exception").request().get(String.class);

If the call to http://third.party.com returns a status code 3xx, 4xx, or 5xx, then the Client is obliged by the Jakarta RESTful Web Services specification to throw a WebApplicationException. Moreover, if the WebApplicationException contains a Response, which it normally would in RESTEasy, the server runtime is obliged by the Jakarta RESTful Web Services specification to return that Response. As a result, information from the server at third.party.com, e.g., headers and body, will get sent back to local.com. The problem is that that information could be, at best, meaningless to the client and, at worst, a security breach.

RESTEasy has a solution that works around the problem and still conforms to the Jakarta RESTful Web Services specification. In particular, for each WebApplicationException it defines a new subclass:

| +-ResteasyClientErrorException
| +-BadRequestException
| | +-ResteasyBadRequestException
| +-ForbiddenException
| | +-ResteasyForbiddenException
| +-NotAcceptableException
| | +-ResteasyNotAcceptableException
| +-NotAllowedException
| | +-ResteasyNotAllowedException
| +-NotAuthorizedException
| | +-ResteasyNotAuthorizedException
| +-NotFoundException
| | +-ResteasyNotFoundException
| +-NotSupportedException
| | +-ResteasyNotSupportedException
| +-ResteasyRedirectionException
| +-ResteasyServerErrorException
| +-InternalServerErrorException
| | +-ResteasyInternalServerErrorException
| +-ServiceUnavailableException
| | +-ResteasyServiceUnavailableException

The new Exceptions play the same role as the original ones, but RESTEasy treats them slightly differently. When a Client detects that it is running in the context of a resource method, it will throw one of the new Exceptions. However, instead of storing the original Response, it stores a "sanitized" version of the Response, in which only the status and the Allow and Content-Type headers are preserved. The original WebApplicationException, and therefore the original Response, can be accessed in one of two ways:

// Create a NotAcceptableException.
NotAcceptableException nae = new NotAcceptableException(Response.status(406).entity("ooops").build());

// Wrap the NotAcceptableException in a ResteasyNotAcceptableException.
ResteasyNotAcceptableException rnae = (ResteasyNotAcceptableException) WebApplicationExceptionWrapper.wrap(nae);

// Extract the original NotAcceptableException using instance method.
NotAcceptableException nae2 = rnae.unwrap();
Assert.assertEquals(nae, nae2);

// Extract the original NotAcceptableException using class method.
NotAcceptableException nae3 = (NotAcceptableException) WebApplicationExceptionWrapper.unwrap(nae); // second way
Assert.assertEquals(nae, nae3);

Note that this change is intended to introduce a safe default behavior in the case that the Exception generated by the remote call is allowed to make its way up to the server runtime. It is considered a good practice, though, to catch the Exception and treat it in some appropriate manner:

   public String remote(@PathParam("i") String i) throws Exception {
      Client client = ClientBuilder.newClient();
      try {
         return client.target("http://remote.com/exception/" + i).request().get(String.class);
      } catch (WebApplicationException wae) {

Note. While RESTEasy will default to the new, safer behavior, the original behavior can be restored by setting the configuration parameter "resteasy.original.webapplicationexception.behavior" to "true".

30.4. Overriding RESTEasy Builtin Exceptions

RESTEasy built-in exceptions can be overridden by writing an ExceptionMapper for the exception. You can write an ExceptionMapper for any thrown exception including WebApplicationException