I'm using Spring MVC 4.1 and Spring Security 3.2. I wanted to handle gracefully all exceptions that can happen during HTTP calls (including AJAX calls) on the backend without breaking Spring Security. What solutions would you recommend?
Initially I wanted to use @ExceptionHandler(Exception.class) in my AbstractController class (or @ControllerAdvice). However, there is a fundamental problem with that approach - it also catches Spring Security exceptions (like AuthenticationException or AccessDeniedException) and breaks its functionality. I can catch some of these exceptions and rethrow it, but @ExceptionHandlers don't like rethrowing (they produce unnecessary logs). So I created my own HandlerExceptionResolver. It allows me not to handle exception (by returning null) when I don't know what to do with it.
However I still don't like this solution, because I don't have a list of all exceptions that could be thrown by Spring Security. And now I have to check explicitly if it's AuthenticationException or AccessDeniedException.
There might be some exception that I will catch by accident and break SS functionality.
Do you have any recommendations for my case?
