exception handling for rest services

java/org/owasp/webgoat/service/BaseService.java

@@ -3,10 +3,14 @@
  * To change this template file, choose Tools | Templates
  * and open the template in the editor.
  */
-
 package org.owasp.webgoat.service;
 
+import javax.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
 
 /**
  *
@@ -15,4 +19,16 @@ import org.springframework.web.bind.annotation.RequestMapping;
 @RequestMapping("/service")
 public abstract class BaseService {
 
+    @ExceptionHandler(Exception.class)
+    @ResponseStatus(value = HttpStatus.I_AM_A_TEAPOT)
+    public @ResponseBody
+    ExceptionInfo handleException(HttpServletRequest request, Exception ex) {
+
+        ExceptionInfo response = new ExceptionInfo();
+        response.setUrl(request.getRequestURL().toString());
+        response.setMessage(ex.getMessage());
+
+        return response;
+    }
+
 }

java/org/owasp/webgoat/service/ExceptionInfo.java

@@ -0,0 +1,32 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.service;
+
+/**
+ *
+ * @author rlawson
+ */
+public class ExceptionInfo {
+
+    private String url;
+    private String message;
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+}

java/org/owasp/webgoat/service/HintService.java

@@ -35,7 +35,7 @@ public class HintService extends BaseService {
         WebSession ws;
         Object o = session.getAttribute(WebSession.SESSION);
         if (o == null || !(o instanceof WebSession)) {
-            return null;
+            throw new IllegalArgumentException("No valid session object found, has session timed out?");
         }
         ws = (WebSession) o;
         AbstractLesson l = ws.getCurrentLesson();

java/org/owasp/webgoat/service/LessonMenuService.java

@@ -35,12 +35,12 @@ public class LessonMenuService extends BaseService {
     @RequestMapping(value = "/lessonmenu.mvc", produces = "application/json")
     public @ResponseBody
     List<LessonMenuItem> showLeftNav(HttpSession session) {
-        //TODO - need Links, rank, title
+        if(true) throw new IllegalArgumentException("No valid session object found, has session timed out?");
         List<LessonMenuItem> menu = new ArrayList<LessonMenuItem>();
         WebSession ws;
         Object o = session.getAttribute(WebSession.SESSION);
         if (o == null || !(o instanceof WebSession)) {
-            return null;
+            throw new IllegalArgumentException("No valid session object found, has session timed out?");
         }
         ws = (WebSession) o;
         AbstractLesson l = ws.getCurrentLesson();