diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 353261085..5f74d8fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -29,6 +29,7 @@ import java.io.StringWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; @@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.ExceptionContainer; import at.gv.egovernment.moa.id.moduls.IRequestStorage; @@ -166,8 +166,9 @@ public abstract class AbstractController extends MOAIDAuthConstants { return; - } catch (MOADatabaseException e) { - Logger.warn("Exception can not be stored to Database.", e); + } catch (Exception e) { + Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e); + Logger.info("Switch to generic generic backup error-handling ... "); handleErrorNoRedirect(loggedException, req, resp, true); } @@ -231,7 +232,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); String code = utils.mapInternalErrorToExternalError( ((InvalidProtocolRequestException)e).getMessageId()); - String descr = e.getMessage(); + String descr = StringEscapeUtils.escapeHtml(e.getMessage()); resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + "(Errorcode=" + code + @@ -248,7 +249,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { null); //add errorcode and errormessage - config.putCustomParameter("errorMsg", msg); + config.putCustomParameter("errorMsg", StringEscapeUtils.escapeHtml(msg)); config.putCustomParameter("errorCode", errorCode); //add stacktrace if debug is enabled |