As discussed with @chemicL, this is a limitation of the current design which is using a `WebFilter`. The exception handling mechanism is applied with `ExceptionHandlingWebHandler`, which is a `HttpHandlerDecorator`. `WebFilter` instances are applied at a higher level and are not aware of this.
This limitation is serious enough that I'm considering this a bug and should be fixed in 6.0.x. A possible solution would be to reimplement the instrumentation as a HttpHandlerDecorator itself, but this needs to validated. I'm scheduling this issue for 6.0.x but this can be revisited depending on our findings with HttpHandlerDecorator. As a result, the existing WebFilter should be deprecated.
Originally posted by @bclozel in https://github.com/spring-projects/spring-framework/issues/30013#issuecomment-1443608666
Comment From: kasra-haghpanah
Recently, I've been programming Spring Webflux On the 3.1.4 version. I've also used Spring Security and the type of the token is JWT. If the token is not valid, the Security Class will throw an exception. Although the throw goes through the ErrorWebExceptionHandler Class, it does not arrive in the WebFilter Class. This issue just happens when an exception in the Security Class, but in the rest of the cases, it works correctly. The following link is the address of my project: https://github.com/kasra-haghpanah/spring-rsocket-with-rsocketjs The lists of classes that are related to the problem, including Filter, GlobalErrorHandler, and SecurityConfig in my project.
Comment From: bclozel
30013 has been fixed. What is the purpose of this issue?
Comment From: kasra-haghpanah
I use WebFilter for making general Exceptions and Logging for Logstash in the WebFilter layer. It just does not work correctly in the Security Level means that the Security Class throws an Exception and WebFilter can not Catch it in the doOnError Method, but it works correctly in other cases.
Comment From: kasra-haghpanah
I use WebFilter for making general Exception Handlings and Logging for Logstash in the WebFilter layer. It just does not work correctly in the Security Level means that the Security Class throws an Exception and WebFilter can not Catch it in the doOnError Method, but it works correctly in other cases.
Comment From: kasra-haghpanah
In my opinion, the ErrorWebExceptionHandler can be removed and the WebFilter just exists. the class lists are in order according to the following links: https://github.com/kasra-haghpanah/spring-rsocket-with-rsocketjs/blob/main/src/main/java/com/council/election/configuration/webflux/filter/Filter.java https://github.com/kasra-haghpanah/spring-rsocket-with-rsocketjs/blob/main/src/main/java/com/council/election/configuration/webflux/security/config/SecurityConfig.java https://github.com/kasra-haghpanah/spring-rsocket-with-rsocketjs/blob/main/src/main/java/com/council/election/configuration/exception/GlobalErrorHandler.java
Comment From: bclozel
The WebFilter level was the wrong level for instrumentation. We have fixed that in #30013 already. Did you check with the latest milestones?
I'm closing this issue as there is nothing actionable here.
Comment From: kasra-haghpanah
According to the following code in my WebFilter level, I expect after each request, if there is an exception, the doOnError Method will catch it, but if I throw an exception in Security levels does not work truly at least for me on my project. Of course, In other cases works correctly. On the other hand, according to #30013, it was told "this is a limitation of the current design which is using a WebFilter. The exception handling mechanism is applied with ExceptionHandlingWebHandler, which is a HttpHandlerDecorator. WebFilter instances are applied at a higher level and are not aware of this." Ok, thank you so much.
@Override
public Mono
return webFilterChain.filter(exchangeDecorator) .doOnSuccess(aVoid -> {
})
.doAfterTerminate(() -> {
// System.out.println("doAfterTerminate");
})
.doOnError(throwable -> {
// my exception handlings
})
.doFinally(signalType -> {
});
}