exception = e; } finally { cleanup(request, response, exception);
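/**
 * Handles an exception raised further down the filter chain before delegating to the
 * parent cleanup.
 *
 * <p>When {@code existing} is non-null, the failure is logged server-side and then:
 * <ul>
 *   <li>if the request attribute {@code DefaultSubjectContext.SESSION_CREATION_ENABLED} is
 *       present and {@code false}, the call is assumed to be a REST/JAX-RS call and a JSON
 *       {@code ErrorInfo} is written with HTTP status 500;</li>
 *   <li>otherwise a generic {@code OctopusUnexpectedException} is thrown so that no
 *       stack-trace details reach the caller.</li>
 * </ul>
 *
 * @param request  the current request
 * @param response the current response; cast to {@code HttpServletResponse} in the REST branch
 * @param existing the exception caught by the caller, or {@code null} if none occurred
 * @throws ServletException as declared by the overridden method
 * @throws IOException if writing the JSON error body fails
 */
@Override
protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException {
    if (existing != null) {
        Throwable unexpectedException = getUnexpectedException(existing);

        // Log the root cause when there is one, otherwise the exception itself. Calling
        // getCause().getMessage() unconditionally throws a NullPointerException for an
        // exception without a cause; because this method runs inside a finally block, that
        // NPE would replace the original failure and nothing would be logged.
        Throwable cause = existing.getCause();
        Throwable toLog = cause != null ? cause : existing;
        Logger logger = LoggerFactory.getLogger(ExceptionFilter.class);
        logger.error(toLog.getMessage(), toLog);

        Boolean sessionCreationEnabled = (Boolean) request.getAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);
        if (sessionCreationEnabled != null && !sessionCreationEnabled) {
            // We assume we are in a REST/JAX-RS call and thus return JSON.
            HttpServletResponse servletResponse = (HttpServletResponse) response;
            servletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);

            String code = unexpectedException == null ? "OCT-001" : "OCT-002";
            // NOTE(review): the exception message is returned to the client for both codes.
            // For OCT-002 (unexpected failures) confirm the message cannot carry internal
            // details (queries, paths, class names); the non-REST branch below deliberately
            // sends only a fixed text. Also verify that toJSON() escapes the message and that
            // a JSON Content-Type is set elsewhere; neither is visible in this method.
            ErrorInfo info = new ErrorInfo(code, existing.getMessage());
            servletResponse.getWriter().print(info.toJSON());
        } else {
            // Since we are in a finally block, this exception takes over and thus erases all
            // information we have about stack traces (OWASP A6): the caller only ever sees
            // the generic message, the details stay in the server log written above.
            throw new OctopusUnexpectedException("Something went wrong");
        }
    }

    // The failure has been reported above, so the parent never receives the exception.
    super.cleanup(request, response, null);
}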