Skip to content

ProblemDetails not showing cause of validation error #34061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
membersound opened this issue Dec 10, 2024 · 7 comments
Closed

ProblemDetails not showing cause of validation error #34061

membersound opened this issue Dec 10, 2024 · 7 comments
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket)

Comments

@membersound
Copy link

spring-boot-3.4.0

When I enable problem-details, the validation message of my parameters should be shown in the response.
But it is still hidden. Example:

spring.mvc.problemdetails.enabled=true
spring.webflux.problemdetails.enabled=true

@RestController
public class DemoServlet {
    @GetMapping(value = "/info")
    public String bookinginfo(
            @RequestParam(name = "token")
            @Size(min = 3, message = "too short") String token) {
        return "ok";
    }

Result:

{
    "type": "about:blank",
    "title": "Bad Request",
    "status": 400,
    "detail": "Validation failure",
    "instance": "/info"
}

Expected result: something like "token [size = 3] ... too short"... as hint for the client-user how he can fix his 400.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Dec 10, 2024
@bclozel
Copy link
Member

bclozel commented Dec 10, 2024

I think this behavior is implemented by Spring Framework in ResponseEntityExceptionHandler and it's not showing the validation message to avoid leaking information. Have you tried customizing the error message as explained in the reference documentation? Please let us know how this goes.

I'll transfer this issue there for further discussion.

@bclozel bclozel transferred this issue from spring-projects/spring-boot Dec 10, 2024
@bclozel bclozel added status: waiting-for-feedback We need additional information before we can continue in: web Issues in web modules (web, webmvc, webflux, websocket) labels Dec 10, 2024
@membersound
Copy link
Author

I think that should work out of the box, because the defaults for HandlerMethodValidationException.class are {0} list all validation errors.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Dec 10, 2024
@membersound membersound mentioned this issue Dec 10, 2024
Closed
@bclozel
Copy link
Member

bclozel commented Dec 10, 2024

I don't think Spring Framework ships with message sources by default. The reference doc mentions the Message Code Arguments that are available, not the default messages. Can you try and get back to us? Thanks!

@bclozel bclozel added status: waiting-for-feedback We need additional information before we can continue and removed status: feedback-provided Feedback has been provided labels Dec 10, 2024
@membersound
Copy link
Author

Here are my results, I tried all 3 variants:

problemDetail.org.springframework.web.method.annotation.HandlerMethodValidationException=validation errors: {0}

Result: the validation message is displayed, but the targeting parameter is missing completely:

{
    "type": "about:blank",
    "title": "Bad Request",
    "status": 400,
    "detail": "validation errors: too short",   <---------- I would expect at least also the parameter names here
    "instance": "/info"
}

I also tried title and type message variants, which both produce results that I would not have expected:

problemDetail.title.org.springframework.web.method.annotation.HandlerMethodValidationException=validation errors: {0}

Result: title is taken plain, without replacing the {0} value:

{
    "type": "about:blank",
    "title": "validation errors: {0}",
    "status": 400,
    "detail": "Validation failure",
    "instance": "/info"
}

problemDetail.type.org.springframework.web.method.annotation.HandlerMethodValidationException=validation errors: {0}

Result: Exception on message rendering:

Caused by: java.net.URISyntaxException: Illegal character in scheme name at index 10: validation errors: {0}
	at java.base/java.net.URI$Parser.fail(URI.java:2995) ~[na:na]
	at java.base/java.net.URI$Parser.checkChars(URI.java:3166) ~[na:na]
	at java.base/java.net.URI$Parser.parse(URI.java:3192) ~[na:na]
	at java.base/java.net.URI.<init>(URI.java:645) ~[na:na]
	at java.base/java.net.URI.create(URI.java:930) ~[na:na]
	... 68 common frames omitted

So, while the first message result improves the error message, I still think there is much room for improvement (at least including the parameter name that caused the error).
Also I'm unsure if "type" and "title" behave as expected.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Dec 10, 2024
@quaff
Copy link
Contributor

quaff commented Dec 11, 2024
edited
Loading

I would expect at least also the parameter names here

@membersound You should try to use placeholder ${validatedValue} in your message, like this:

@Size(min = 3, message = "'${validatedValue}' is too short, length must be greater than or equal to {min}")

@rstoyanchev
Copy link
Contributor

We do not want to leak information, and also cannot easily format validation errors transparently because we have no knowledge of what's in the validation message, e.g. it could already have the parameter name, and likewise internationalization also requires customization. There are just too many variables to be able to provide something better out of the box, while keeping it customizable.

You have a few options.

Adding a problemDetail.org.springframework.web.method.annotation.HandlerMethodValidationException message property and using {0} to display all validation errors.

To customize the validation messages, you can set it on the annotation:
@Size(min = 3, message = "Token must be greater than {min}")

You can also use your message.properties to customize validation messages as explained here. For example the following will customize all Size related errors across the application:

Size={0} must be > {2} and < {1}

There is also an option to handle HandlerMethodValidationException with a visitor that lets you handle validation errors by type of method parameter (request param, header, cookie, etc).

@rstoyanchev rstoyanchev closed this as not planned Won't fix, can't repro, duplicate, stale Feb 3, 2025
@rstoyanchev rstoyanchev removed status: waiting-for-triage An issue we've not yet triaged or decided on status: feedback-provided Feedback has been provided labels Feb 3, 2025
@rstoyanchev
Copy link
Contributor

Also I'm unsure if "type" and "title" behave as expected.

You can customize those, but there are no arguments, so leave out the {0}.

@bclozel bclozel mentioned this issue Apr 25, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bclozel @quaff @rstoyanchev @membersound @spring-projects-issues