0

I have a REST service (Spring MVC) which is called from RestTemplate. In the REST application there is a servlet filter that checks something and might send back 401 with an error message.
In this case I get a HttpClientErrorException in the RestTemplate which is OK. What is not OK is that I don't get back the error message that I sent back in the servlet filter but the REST response body contains the following HTML:

<html lang="en">
    <head>
        <title>HTTP Status 401 – Unauthorized</title>
        <style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style>
    </head>
    <body>
        <h1>HTTP Status 401 – Unauthorized</h1>
        <hr class="line" />
        <p>
            <b>Type</b> Status Report</p>
        <p>
            <b>Message</b> Access Denied</p>
        <p>
            <b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p>
        <hr class="line" />
        <h3>Apache Tomcat/9.0.8</h3>
    </body>
</html>

which is generated and sent by Tomcat. The code I use in the servlet filter to send back the error code and message is as follows:

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    ...
    catch(...) {
        response.sendError(errorCode, message);
        return;
    }
    ...
}

My question is why didn't I get the error message on the client side? I am using Spring Boot (1.5.8.RELEASE). As far as I know there was a bug in < Spring Boot 1.2 that the error message was sent back properly but it was fixed so it should work in the version I use.
Any hint please? Also How could I debug where my response is hijacked?

Thanks,
V.

Viktor
  • 1,325
  • 2
  • 19
  • 41
  • Possible duplicate of [Disable all default HTTP error response content in Tomcat](https://stackoverflow.com/questions/794329/disable-all-default-http-error-response-content-in-tomcat) – Selaron Oct 10 '19 at 14:11
  • Does 401 have to come from this filter? Can the app be redesigned to make it come from Spring security config or the rest controller itself? – Mahendran Ayyarsamy Kandiar Oct 10 '19 at 18:28
  • I can confirm that the link marked mine as duplication solved the problem, thanks! – Viktor Oct 14 '19 at 09:43

0 Answers0