@Override
public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain)
        throws IOException, ServletException {

    try {
        filterChain.doFilter(req, resp);
    } catch (RequestRejectedException e) {
        if (logger.isDebugEnabled()) {
            logger.debug("An exception was caught performing the HTTP request security filter check and the stacktrace has been suppressed from the response");
        }

        HttpServletResponse filteredResponse = (HttpServletResponse) resp;
        filteredResponse.setStatus(500);
        filteredResponse.getWriter().write(e.getMessage());

        StringWriter sw = new StringWriter();
        sw.write("Exception caught by ExceptionFilter:\n");
        PrintWriter pw = new PrintWriter(sw);
        e.printStackTrace(pw);
        logger.error(sw.toString());
    }
}
 

/**
     * controller参数异常/缺少
     *
     * @param e
     * @return
     */
    @ExceptionHandler({
            MissingServletRequestParameterException.class,
            MethodArgumentTypeMismatchException.class,
            RequestRejectedException.class}
    )
    public Result missingServletRequestParameterException(Exception e) {
//        e.printStackTrace();
        return Result.create(StatusCode.ERROR, "参数异常");

    }
 

/**
 * Handles all the errors and returns an {@link ErrorResponse}.
 *
 * @param req http request which caused some error.
 * @param res http response.
 * @return error response entity.
 */
@RequestMapping(produces = {APPLICATION_JSON_VALUE, APPLICATION_XML_VALUE})
public @ResponseBody ResponseEntity<ErrorResponse> errorResponse(
    HttpServletRequest req, HttpServletResponse res) {
  Map<String, Object> body = getErrorAttributes(req, isIncludeStackTrace(req, MediaType.ALL));

  // Update status code and format error respose for RequestRejectedException
  Object message = "";
  Object ex = body.get("exception");
  String exceptionName = ex != null ? ex.toString() : "";

  if (exceptionName.contains(RequestRejectedException.class.getSimpleName())) {
    try {
      message = URLDecoder.decode(body.get("message").toString(), "UTF-8");
    } catch (UnsupportedEncodingException ignore) {
    }
    message = message.toString().replace(exceptionName + ":", "");
    body.put("message", message);
    body.put("status", HttpStatus.BAD_REQUEST.value());
    body.put("error", HttpStatus.BAD_REQUEST.getReasonPhrase());
    req.setAttribute("javax.servlet.error.status_code", HttpStatus.BAD_REQUEST.value());
  }

  HttpStatus status = getStatus(req);
  ErrorResponse errRes = new ErrorResponse(body);
  return new ResponseEntity<>(errRes, status);
}
 

@Override
public FirewalledRequest getFirewalledRequest(
	HttpServletRequest request) throws RequestRejectedException {
	return super.getFirewalledRequest(new PortalHttpServletRequest(request));
}