Web application. One of the basic requirements to prevent information leakage through flawed
error handling is to create a customized error page that reveals no sensitive information to the
user. This way, the attacker cannot glean further information that can be used to compromise the
application.
10.4 Errors and Exceptions in Java
An exception is an event that breaks the normal flow of the program. Any event may be an
exception, but in Java we normally use exceptions when errors happen. For this reason we normally
refer to exceptions as the error-handling system of Java. The following paragraphs describe some
best practices that should be cultivated among the developers for ensuring that errors and
exceptions are properly handled and the stack trace is not thrown to the user of the applications.
10.4.1 Relevance
A method should throw only the exceptions that are relevant to its interface. For example, the
constructor java.io.FileInputStream.FileInputStream(String name) throws
FileNotFoundException. In this case, the application tries opening a file on the disk for
reading bytes. It makes sense that this constructor throws a FileNotFoundException. But
it would make no sense at all if it threw an unrelated exception. Such an exception would not
be meaningful in the FileInputStream context.
10.4.2 Encapsulating Exception
Let's assume a method is throwing an exception received from another method. This situation is
not a very common scenario in any application programming environment. The developers should make
sure that the method encapsulates it in a locally generated exception class.
Consider a small code snippet:
    try {
        return new FileOutputStream(fileName);
    } catch (FileNotFoundException e) {
        // The FileOutputStream constructor declares FileNotFoundException.
        // Wrap it so that callers see only an exception relevant to this interface.
        throw new ActionException(e);
    }
The try-catch block above catches the exception generated by the FileOutputStream
constructor and rethrows it to the next method up the call stack, encapsulated in another
exception, ActionException, so that the method throws only exceptions that are relevant to
its interface. The FileOutputStream constructor throws FileNotFoundException, so that is the
type caught here. The method that catches ActionException can, at any time, get the
information about the FileNotFoundException encapsulated in it by using the getCause() method.
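The following is an added example, not code from the original text. It combines the encapsulation shown above with the goal stated at the start of section 10.4: the wrapped cause and stack trace are written to the server log, while the user receives only a generic message with a reference id. The class name, openReport, handleRequest, the ActionException definition and the file path are assumptions made for illustration.

```java
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class EncapsulationExample {
    private static final Logger LOG = Logger.getLogger(EncapsulationExample.class.getName());

    // Hypothetical application-level exception: the only type this interface exposes.
    static class ActionException extends Exception {
        ActionException(String message, Throwable cause) { super(message, cause); }
    }

    // Wraps the low-level I/O failure so callers never depend on java.io details.
    static OutputStream openReport(String fileName) throws ActionException {
        try {
            return new FileOutputStream(fileName);
        } catch (FileNotFoundException e) {
            throw new ActionException("could not open report", e);
        }
    }

    // Boundary handler: full detail goes to the server log; the user gets a generic
    // message plus an opaque incident id that support staff can look up in that log.
    static String handleRequest(String fileName) {
        try (OutputStream out = openReport(fileName)) {
            out.write("ok".getBytes());
            return "Report saved.";
        } catch (ActionException | IOException e) {
            String incidentId = UUID.randomUUID().toString();
            // getCause() returns the wrapped FileNotFoundException when openReport failed.
            LOG.log(Level.SEVERE, "incident " + incidentId + ", cause: " + e.getCause(), e);
            return "An internal error occurred. Reference: " + incidentId;
        }
    }

    public static void main(String[] args) {
        // Constructed path in a directory that does not exist, to force the failure.
        System.out.println(handleRequest("/nonexistent-dir-constructed/report.txt"));
    }
}
```

The string returned to the user contains no file path, class name or stack frame; those appear only in the log record keyed by the incident id.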
10.4.3 Reason
Application developers must ensure that the exceptions properly reflect what caused them. One
way to handle it is to generate a separate and specific exception. But this approach is highly code-