diff --git a/acceptance-test/src/acceptance-test/java/org/zalando/nakadi/webservice/InvalidRequestAT.java b/acceptance-test/src/acceptance-test/java/org/zalando/nakadi/webservice/InvalidRequestAT.java
new file mode 100644
index 0000000000..365ca08cc5
--- /dev/null
+++ b/acceptance-test/src/acceptance-test/java/org/zalando/nakadi/webservice/InvalidRequestAT.java
@@ -0,0 +1,18 @@
+package org.zalando.nakadi.webservice;
+
+import org.apache.http.HttpStatus;
+import org.junit.Test;
+
+import static com.jayway.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.notNullValue;
+
+public class InvalidRequestAT {
+ @Test(timeout = 10000)
+ public void whenRequestRejectedExceptionThrownThenResponseIs400() {
+ given()
+ .when()
+ .get("//")
+ .then()
+ .statusCode(HttpStatus.SC_BAD_REQUEST);
+ }
+}
diff --git a/app/src/main/java/org/zalando/nakadi/filters/RequestRejectedFilter.java b/app/src/main/java/org/zalando/nakadi/filters/RequestRejectedFilter.java
new file mode 100644
index 0000000000..4697716b2e
--- /dev/null
+++ b/app/src/main/java/org/zalando/nakadi/filters/RequestRejectedFilter.java
@@ -0,0 +1,23 @@
+package org.zalando.nakadi.filters;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.security.web.firewall.RequestRejectedException;
+import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletResponse;
+
+@Aspect
+@Component
+public class RequestRejectedFilter {
+
+ @Around("execution(public void org.springframework.security.web.FilterChainProxy.doFilter(..))")
+ public void handleRequestRejectedException(ProceedingJoinPoint pjp) throws Throwable {
+ try {
+ pjp.proceed();
+ } catch (RequestRejectedException exception) {
+ HttpServletResponse response = (HttpServletResponse) pjp.getArgs()[1];
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ }
+ }
+}
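Review bot: In InvalidRequestAT.java the static import `org.hamcrest.Matchers.notNullValue` is never used by the test and can be dropped. The test also gives no hint why `get("//")` should yield a 400; a comment above the call such as `// "//" is a non-normalized path, which the Spring Security HTTP firewall is expected to reject with RequestRejectedException` would tie the request to the behaviour named in the method. The class sets no base URI or port for RestAssured in the visible lines, so it presumably relies on defaults or on configuration done elsewhere; worth confirming that it hits the same instance as the other acceptance tests.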
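Review bot: In RequestRejectedFilter.java the catch block in `handleRequestRejectedException` turns the firewall rejection into a 400 without recording it, so requests that the HTTP firewall refuses no longer leave any trace for monitoring or abuse detection. I would log it before answering, e.g. `LOG.warn("Request rejected by HTTP firewall: {}", exception.getMessage());` (this needs a logger field the class does not have yet). `sendError` throws `IllegalStateException` once the response is committed, so the call is safer as `if (!response.isCommitted()) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); }`. The `pjp.getArgs()[1]` cast depends on the pointcut matching only `doFilter(ServletRequest, ServletResponse, FilterChain)`, which deserves a one-line comment. If the Spring Security version in use already offers `RequestRejectedHandler`, registering one would be the supported hook and avoids the aspect, and the class name suggests a servlet filter although it is an aspect.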