文章目录
- 一、为什么需要全局异常处理?
- 二、核心注解深度解析
-
- [2.1 @ControllerAdvice与@RestControllerAdvice](#2.1 @ControllerAdvice与@RestControllerAdvice)
- [2.2 @ExceptionHandler的工作原理](#2.2 @ExceptionHandler的工作原理)
- 三、完整实现方案
-
- [3.1 定义统一的异常体系](#3.1 定义统一的异常体系)
- [3.2 设计统一错误响应结构](#3.2 设计统一错误响应结构)
- [3.3 完整的全局异常处理器](#3.3 完整的全局异常处理器)
- [3.4 启用404异常处理](#3.4 启用404异常处理)
- 四、高级特性与最佳实践
-
- [4.1 异常国际化支持](#4.1 异常国际化支持)
- [4.2 异常监控与告警](#4.2 异常监控与告警)
- [4.3 分布式追踪集成](#4.3 分布式追踪集成)
- [4.4 性能优化建议](#4.4 性能优化建议)
- 五、测试策略
-
- [5.1 单元测试](#5.1 单元测试)
- [5.2 集成测试](#5.2 集成测试)
- 六、生产环境配置
-
- [6.1 多环境配置](#6.1 多环境配置)
- [6.2 安全配置](#6.2 安全配置)
- 七、常见问题与解决方案
-
- [7.1 异常处理顺序问题](#7.1 异常处理顺序问题)
- [7.2 异步请求异常处理](#7.2 异步请求异常处理)
- [7.3 微服务中的异常传播](#7.3 微服务中的异常传播)
- 总结
在现代化的Web应用开发中,良好的异常处理机制不仅是代码健壮性的体现,更是提升用户体验和系统可维护性的关键。本文将深入探讨Spring Boot中全局异常处理的最佳实践。
一、为什么需要全局异常处理?
在分布式系统开发中,异常处理不当会导致以下问题:
- 用户体验差:用户看到不友好的错误信息或空白页面
- 调试困难:生产环境难以定位问题根源
- 安全隐患:暴露系统内部实现细节
- 监控困难:无法统一收集和分析错误信息
Spring Boot通过@ControllerAdvice和@ExceptionHandler提供了优雅的全局异常处理方案,让开发者能够统一处理所有控制器抛出的异常。
二、核心注解深度解析
2.1 @ControllerAdvice与@RestControllerAdvice
@ControllerAdvice是Spring 3.2引入的重要特性,它是一个声明式的、面向切面的异常处理机制:
java
// 基础用法 - 处理所有控制器的异常
@ControllerAdvice
public class GlobalExceptionHandler {
// 异常处理方法
}
// REST API专用 - 结合了@ControllerAdvice和@ResponseBody
@RestControllerAdvice
public class GlobalRestExceptionHandler {
// 自动将返回值转换为JSON
}
// 限定作用范围 - 只处理指定包下的控制器
@RestControllerAdvice(basePackages = "com.example.api")
public class ApiExceptionHandler {
// 只处理api包下的异常
}
// 限定特定控制器
@RestControllerAdvice(assignableTypes = {
UserController.class,
OrderController.class
})
public class SpecificControllerExceptionHandler {
// 只处理指定控制器的异常
}2.2 @ExceptionHandler的工作原理
@ExceptionHandler注解可以标注在方法上,用于处理特定类型的异常:
java
@ExceptionHandler({BusinessException.class, ValidationException.class})
public ResponseEntity<?> handleBusinessExceptions(Exception ex) {
// 可以同时处理多种异常类型
}Spring会按照异常类型的继承关系进行匹配,优先匹配最具体的异常类型。
三、完整实现方案
3.1 定义统一的异常体系
首先构建清晰的异常分类体系:
java
// 异常基类
@Data
@EqualsAndHashCode(callSuper = true)
public abstract class BaseException extends RuntimeException {
private final String errorCode;
private final HttpStatus httpStatus;
private final LocalDateTime timestamp;
private final Map<String, Object> details;
protected BaseException(String errorCode, String message, HttpStatus httpStatus) {
this(errorCode, message, httpStatus, null);
}
protected BaseException(String errorCode, String message,
HttpStatus httpStatus, Map<String, Object> details) {
super(message);
this.errorCode = errorCode;
this.httpStatus = httpStatus;
this.timestamp = LocalDateTime.now();
this.details = details;
}
}
// 业务异常 - 400 Bad Request
public class BusinessException extends BaseException {
public BusinessException(String errorCode, String message) {
super(errorCode, message, HttpStatus.BAD_REQUEST);
}
public BusinessException(String errorCode, String message,
Map<String, Object> details) {
super(errorCode, message, HttpStatus.BAD_REQUEST, details);
}
}
// 资源未找到异常 - 404 Not Found
public class ResourceNotFoundException extends BaseException {
public ResourceNotFoundException(String resourceName, Object identifier) {
super("RESOURCE_NOT_FOUND",
String.format("%s with id %s not found", resourceName, identifier),
HttpStatus.NOT_FOUND);
}
}
// 认证授权异常 - 401 Unauthorized
public class UnauthorizedException extends BaseException {
public UnauthorizedException(String message) {
super("UNAUTHORIZED", message, HttpStatus.UNAUTHORIZED);
}
}
// 服务异常 - 500 Internal Server Error
public class ServiceException extends BaseException {
public ServiceException(String errorCode, String message) {
super(errorCode, message, HttpStatus.INTERNAL_SERVER_ERROR);
}
}3.2 设计统一错误响应结构
java
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@JsonInclude(JsonInclude.Include.NON_NULL)
public class ApiErrorResponse {
/**
* 时间戳(ISO 8601格式)
*/
@JsonProperty("timestamp")
@JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
private LocalDateTime timestamp;
/**
* HTTP状态码
*/
private int status;
/**
* HTTP状态描述
*/
private String error;
/**
* 业务错误码
*/
private String code;
/**
* 用户友好的错误信息
*/
private String message;
/**
* 调试信息(仅在开发环境显示)
*/
private String debugMessage;
/**
* 错误详情(如字段验证错误)
*/
private Object details;
/**
* 请求路径
*/
private String path;
/**
* 请求ID(用于日志追踪)
*/
private String requestId;
/**
* 文档链接
*/
private String documentationUrl;
public static ApiErrorResponse from(BaseException ex, HttpServletRequest request) {
return ApiErrorResponse.builder()
.timestamp(ex.getTimestamp())
.status(ex.getHttpStatus().value())
.error(ex.getHttpStatus().getReasonPhrase())
.code(ex.getErrorCode())
.message(ex.getMessage())
.details(ex.getDetails())
.path(request.getRequestURI())
.requestId((String) request.getAttribute("X-Request-ID"))
.documentationUrl("https://api.example.com/docs/errors/" + ex.getErrorCode())
.build();
}
}3.3 完整的全局异常处理器
java
@Slf4j
@RestControllerAdvice
@Order(Ordered.HIGHEST_PRECEDENCE)
public class GlobalExceptionHandler {
private final Environment environment;
/**
* 处理自定义业务异常
*/
@ExceptionHandler(BaseException.class)
public ResponseEntity<ApiErrorResponse> handleBaseException(
BaseException ex,
HttpServletRequest request,
HttpServletResponse response) {
log.warn("业务异常: [{}] {}", ex.getErrorCode(), ex.getMessage(), ex);
ApiErrorResponse errorResponse = ApiErrorResponse.from(ex, request);
// 如果是开发环境,添加调试信息
if (Arrays.asList(environment.getActiveProfiles()).contains("dev")) {
errorResponse.setDebugMessage(ex.getLocalizedMessage());
}
return ResponseEntity
.status(ex.getHttpStatus())
.header("X-Error-Code", ex.getErrorCode())
.body(errorResponse);
}
/**
* 处理参数校验异常(JSR-303)
*/
@ExceptionHandler(MethodArgumentNotValidException.class)
public ResponseEntity<ApiErrorResponse> handleValidationException(
MethodArgumentNotValidException ex,
HttpServletRequest request) {
List<FieldErrorResponse> fieldErrors = ex.getBindingResult()
.getFieldErrors()
.stream()
.map(error -> FieldErrorResponse.builder()
.field(error.getField())
.message(error.getDefaultMessage())
.rejectedValue(error.getRejectedValue())
.build())
.collect(Collectors.toList());
Map<String, Object> details = new HashMap<>();
details.put("fieldErrors", fieldErrors);
details.put("errorCount", fieldErrors.size());
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.BAD_REQUEST.value())
.error(HttpStatus.BAD_REQUEST.getReasonPhrase())
.code("VALIDATION_FAILED")
.message("请求参数验证失败")
.details(details)
.path(request.getRequestURI())
.build();
return ResponseEntity.badRequest().body(errorResponse);
}
/**
* 处理ConstraintViolationException(方法参数校验)
*/
@ExceptionHandler(ConstraintViolationException.class)
public ResponseEntity<ApiErrorResponse> handleConstraintViolation(
ConstraintViolationException ex,
HttpServletRequest request) {
List<String> violations = ex.getConstraintViolations()
.stream()
.map(violation -> String.format("%s: %s",
violation.getPropertyPath(),
violation.getMessage()))
.collect(Collectors.toList());
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.BAD_REQUEST.value())
.error(HttpStatus.BAD_REQUEST.getReasonPhrase())
.code("PARAMETER_VALIDATION_FAILED")
.message("方法参数验证失败")
.details(violations)
.path(request.getRequestURI())
.build();
return ResponseEntity.badRequest().body(errorResponse);
}
/**
* 处理HTTP方法不支持异常
*/
@ExceptionHandler(HttpRequestMethodNotSupportedException.class)
public ResponseEntity<ApiErrorResponse> handleMethodNotSupported(
HttpRequestMethodNotSupportedException ex,
HttpServletRequest request) {
String supportedMethods = ex.getSupportedMethods() != null
? String.join(", ", ex.getSupportedMethods())
: "";
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.METHOD_NOT_ALLOWED.value())
.error(HttpStatus.METHOD_NOT_ALLOWED.getReasonPhrase())
.code("METHOD_NOT_ALLOWED")
.message(String.format("请求方法 %s 不支持,支持的方法: %s",
ex.getMethod(), supportedMethods))
.path(request.getRequestURI())
.build();
return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED)
.header("Allow", supportedMethods)
.body(errorResponse);
}
/**
* 处理媒体类型不支持异常
*/
@ExceptionHandler(HttpMediaTypeNotSupportedException.class)
public ResponseEntity<ApiErrorResponse> handleMediaTypeNotSupported(
HttpMediaTypeNotSupportedException ex,
HttpServletRequest request) {
String supportedTypes = ex.getSupportedMediaTypes()
.stream()
.map(MediaType::toString)
.collect(Collectors.joining(", "));
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.UNSUPPORTED_MEDIA_TYPE.value())
.error(HttpStatus.UNSUPPORTED_MEDIA_TYPE.getReasonPhrase())
.code("UNSUPPORTED_MEDIA_TYPE")
.message(String.format("媒体类型 %s 不支持,支持的媒体类型: %s",
ex.getContentType(), supportedTypes))
.path(request.getRequestURI())
.build();
return ResponseEntity.status(HttpStatus.UNSUPPORTED_MEDIA_TYPE)
.header("Accept", supportedTypes)
.body(errorResponse);
}
/**
* 处理资源未找到异常
*/
@ExceptionHandler(NoHandlerFoundException.class)
public ResponseEntity<ApiErrorResponse> handleNotFound(
NoHandlerFoundException ex,
HttpServletRequest request) {
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.NOT_FOUND.value())
.error(HttpStatus.NOT_FOUND.getReasonPhrase())
.code("ENDPOINT_NOT_FOUND")
.message(String.format("端点 %s %s 不存在",
ex.getHttpMethod(), ex.getRequestURL()))
.path(request.getRequestURI())
.build();
return ResponseEntity.status(HttpStatus.NOT_FOUND).body(errorResponse);
}
/**
* 处理数据访问异常
*/
@ExceptionHandler(DataAccessException.class)
public ResponseEntity<ApiErrorResponse> handleDataAccessException(
DataAccessException ex,
HttpServletRequest request) {
log.error("数据访问异常", ex);
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.SERVICE_UNAVAILABLE.value())
.error(HttpStatus.SERVICE_UNAVAILABLE.getReasonPhrase())
.code("DATABASE_ERROR")
.message("数据库服务暂时不可用")
.path(request.getRequestURI())
.build();
return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE)
.body(errorResponse);
}
/**
* 兜底异常处理
*/
@ExceptionHandler(Exception.class)
public ResponseEntity<ApiErrorResponse> handleAllUncaughtException(
Exception ex,
HttpServletRequest request) {
log.error("未处理的异常", ex);
ApiErrorResponse.ApiErrorResponseBuilder builder = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.INTERNAL_SERVER_ERROR.value())
.error(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase())
.code("INTERNAL_SERVER_ERROR")
.path(request.getRequestURI());
// 根据环境决定错误信息
if (Arrays.asList(environment.getActiveProfiles()).contains("prod")) {
builder.message("系统内部错误,请稍后重试");
} else {
builder.message(ex.getMessage())
.debugMessage(ExceptionUtils.getStackTrace(ex));
}
return ResponseEntity.internalServerError().body(builder.build());
}
}
// 字段错误响应对象
@Data
@Builder
class FieldErrorResponse {
private String field;
private String message;
private Object rejectedValue;
}3.4 启用404异常处理
yaml
# application.yml
spring:
mvc:
throw-exception-if-no-handler-found: true
static-path-pattern: /static/**
web:
resources:
add-mappings: false # 禁用静态资源默认映射
servlet:
multipart:
max-file-size: 10MB
max-request-size: 10MB
# 日志配置
logging:
level:
com.example.exception: DEBUG四、高级特性与最佳实践
4.1 异常国际化支持
java
@Component
public class ErrorMessageSource {
private final MessageSource messageSource;
public String getMessage(String code, Object[] args, Locale locale) {
return messageSource.getMessage("error." + code, args,
"Unknown error", locale);
}
public String getMessage(BaseException ex, Locale locale) {
return getMessage(ex.getErrorCode(),
new Object[]{ex.getMessage()}, locale);
}
}
// 在异常处理器中使用
@ExceptionHandler(BaseException.class)
public ResponseEntity<ApiErrorResponse> handleBaseException(
BaseException ex,
HttpServletRequest request,
Locale locale) {
String localizedMessage = errorMessageSource.getMessage(ex, locale);
// 使用本地化后的消息
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.message(localizedMessage)
// ... 其他字段
.build();
return ResponseEntity.status(ex.getHttpStatus()).body(errorResponse);
}4.2 异常监控与告警
java
@Component
@Slf4j
public class ExceptionMonitor {
private final MeterRegistry meterRegistry;
private final AlertService alertService;
@EventListener
public void handleExceptionEvent(ExceptionEvent event) {
Exception ex = event.getException();
// 记录指标
Counter.builder("application.exceptions")
.tag("type", ex.getClass().getSimpleName())
.register(meterRegistry)
.increment();
// 重要异常发送告警
if (ex instanceof DataAccessException ||
ex instanceof ServiceException) {
alertService.sendAlert("系统异常",
String.format("发生严重异常: %s", ex.getMessage()),
AlertLevel.HIGH);
}
// 记录详细日志
log.error("监控到异常: {}", ex.getClass().getName(), ex);
}
}
// 异常事件发布
@ExceptionHandler(Exception.class)
public ResponseEntity<?> handleException(Exception ex, WebRequest request) {
// 发布异常事件
applicationContext.publishEvent(new ExceptionEvent(this, ex));
// ... 处理逻辑
}4.3 分布式追踪集成
java
public class TracingExceptionHandler {
@ExceptionHandler(Exception.class)
public ResponseEntity<ApiErrorResponse> handleException(
Exception ex,
HttpServletRequest request) {
// 获取Trace ID
String traceId = MDC.get("traceId");
if (traceId == null) {
traceId = (String) request.getAttribute("X-B3-TraceId");
}
ApiErrorResponse errorResponse = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.requestId(traceId)
// ... 其他字段
.build();
return ResponseEntity.internalServerError().body(errorResponse);
}
}4.4 性能优化建议
- 避免在异常处理器中执行耗时操作
- 使用缓存存储频繁使用的错误信息
- 异步处理异常监控和日志记录
- 合理使用@Order控制处理器执行顺序
java
@RestControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE - 1) // 最后执行
public class FallbackExceptionHandler {
// 兜底处理器
}
@RestControllerAdvice
@Order(Ordered.HIGHEST_PRECEDENCE) // 最先执行
public class SecurityExceptionHandler {
// 安全相关的异常处理
}五、测试策略
5.1 单元测试
java
@ExtendWith(MockitoExtension.class)
class GlobalExceptionHandlerTest {
@InjectMocks
private GlobalExceptionHandler exceptionHandler;
@Mock
private HttpServletRequest request;
@Mock
private Environment environment;
@Test
void testHandleBusinessException() {
// given
BusinessException ex = new BusinessException("TEST_ERROR", "测试错误");
when(request.getRequestURI()).thenReturn("/api/test");
when(environment.getActiveProfiles()).thenReturn(new String[]{"test"});
// when
ResponseEntity<ApiErrorResponse> response =
exceptionHandler.handleBaseException(ex, request, mock(HttpServletResponse.class));
// then
assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode());
assertNotNull(response.getBody());
assertEquals("TEST_ERROR", response.getBody().getCode());
assertTrue(response.getHeaders().containsKey("X-Error-Code"));
}
@Test
void testHandleValidationException() {
// given
BindingResult bindingResult = mock(BindingResult.class);
FieldError fieldError = new FieldError("object", "field",
"不能为空");
when(bindingResult.getFieldErrors())
.thenReturn(Collections.singletonList(fieldError));
MethodArgumentNotValidException ex =
new MethodArgumentNotValidException(null, bindingResult);
// when
ResponseEntity<ApiErrorResponse> response =
exceptionHandler.handleValidationException(ex, request);
// then
assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode());
assertEquals("VALIDATION_FAILED", response.getBody().getCode());
}
}5.2 集成测试
java
@SpringBootTest
@AutoConfigureMockMvc
@TestPropertySource(properties = {
"spring.profiles.active=test",
"spring.mvc.throw-exception-if-no-handler-found=true"
})
class ExceptionHandlingIntegrationTest {
@Autowired
private MockMvc mockMvc;
@Test
void testNotFoundEndpoint() throws Exception {
mockMvc.perform(get("/non-existent-endpoint"))
.andExpect(status().isNotFound())
.andExpect(jsonPath("$.code").value("ENDPOINT_NOT_FOUND"))
.andExpect(jsonPath("$.path").value("/non-existent-endpoint"));
}
@Test
void testValidationError() throws Exception {
String invalidJson = "{\"name\":\"\",\"email\":\"invalid-email\"}";
mockMvc.perform(post("/api/users")
.contentType(MediaType.APPLICATION_JSON)
.content(invalidJson))
.andExpect(status().isBadRequest())
.andExpect(jsonPath("$.code").value("VALIDATION_FAILED"))
.andExpect(jsonPath("$.details.fieldErrors").isArray());
}
}六、生产环境配置
6.1 多环境配置
yaml
# application-prod.yml
error:
include-message: never
include-binding-errors: never
include-stacktrace: never
include-exception: false
logging:
level:
com.example.exception: WARN
management:
endpoints:
web:
exposure:
include: health,metrics,prometheus
metrics:
tags:
application: ${spring.application.name}6.2 安全配置
java
@Configuration
public class SecurityExceptionConfig {
@Bean
@ConditionalOnMissingBean
public AccessDeniedHandler accessDeniedHandler() {
return (request, response, accessDeniedException) -> {
ApiErrorResponse error = ApiErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.FORBIDDEN.value())
.error("Forbidden")
.code("ACCESS_DENIED")
.message("无权访问该资源")
.path(request.getRequestURI())
.build();
response.setStatus(HttpStatus.FORBIDDEN.value());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.getWriter().write(new ObjectMapper().writeValueAsString(error));
};
}
}七、常见问题与解决方案
7.1 异常处理顺序问题
java
// 解决方案:明确指定处理顺序
@RestControllerAdvice
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SecurityExceptionHandler {
// 安全异常最先处理
}
@RestControllerAdvice
@Order(Ordered.HIGHEST_PRECEDENCE + 1)
public class BusinessExceptionHandler {
// 业务异常其次处理
}
@RestControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE)
public class GenericExceptionHandler {
// 通用异常最后处理
}7.2 异步请求异常处理
java
@RestControllerAdvice
@Async
public class AsyncExceptionHandler {
@ExceptionHandler(Exception.class)
@SendTo("/topic/errors")
public ErrorMessage handleAsyncException(Exception ex) {
// 异步异常处理,可以发送到消息队列或WebSocket
return new ErrorMessage(ex.getMessage());
}
}7.3 微服务中的异常传播
java
// 使用Feign Client时的异常处理
@Configuration
public class FeignErrorDecoder implements ErrorDecoder {
@Override
public Exception decode(String methodKey, Response response) {
if (response.status() >= 400 && response.status() < 500) {
// 转换为业务异常
return new BusinessException(
"REMOTE_SERVICE_ERROR",
"远程服务调用失败"
);
}
return new ServiceException("REMOTE_SERVICE_UNAVAILABLE",
"远程服务不可用");
}
}总结
Spring Boot的全局异常处理机制为开发者提供了一套完整、灵活的解决方案。通过本文的深入探讨,我们了解到:
- 分层处理:按照异常类型和处理优先级进行分层设计
- 统一响应:标准化错误响应格式,提升API一致性
- 国际化支持:为多语言应用提供本地化错误信息
- 监控集成:与监控系统紧密结合,便于问题排查
- 安全考虑:保护系统内部信息,防止敏感信息泄露
良好的异常处理不仅是技术实现,更是对用户体验的深度思考。它让系统在面对异常时能够优雅降级,为用户提供清晰、友好的反馈,同时为开发运维提供足够的调试信息。
记住:异常处理的目标不是消灭所有异常,而是让系统在面对异常时能够优雅地失败。
如需获取更多关于SpringBoot自动配置原理、内嵌Web容器、Starter开发指南、生产级特性(监控、健康检查、外部化配置)等内容,请持续关注本专栏《SpringBoot核心技术深度剖析》系列文章。