Affects: Spring Boot 2.3.X.RELEASE
Since Spring Boot 2.3.X.RELEASE, the bean validation error messages are no longer displayed in the response body.
Steps to reproduce
Using a sample generated from https://start.spring.io:
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
DemoApplication.java
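package com.example.demo;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    // @Valid triggers bean validation of the request body before the method runs.
    @PostMapping
    public String foobar(@Valid @RequestBody Foobar foobar) {
        System.out.println(foobar);
        return "OK";
    }

    public static class Foobar {

        // Constraint under test: a body without "name" is rejected with HTTP 400.
        @NotNull
        private String name;

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }
    }
}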
When calling the endpoint without setting the name property:
$ curl -X POST http://localhost:8080 -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{}'
{"timestamp":"2020-07-17T10:30:47.084+00:00","path":"/","status":400,"error":"Bad Request","message":"","requestId":"00358751-1"}
Whereas when reverting to Spring Boot 2.2.8.RELEASE, we have the following response:
$ curl -X POST http://localhost:8080 -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{}'
{"timestamp":"2020-07-17T10:28:25.661+0000","path":"/","status":400,"error":"Bad Request","message":"Validation failed for argument at index 0 in method: public java.lang.String com.example.demo.DemoApplication.foobar(com.example.demo.DemoApplication$Foobar), with 1 error(s): [Field error in object 'foobar' on field 'name': rejected value [null]; codes [NotNull.foobar.name,NotNull.name,NotNull.java.lang.String,NotNull]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [foobar.name,name]; arguments []; default message [name]]; default message [must not be null]] ","requestId":"46abca3f-2","errors":[{"codes":["NotNull.foobar.name","NotNull.name","NotNull.java.lang.String","NotNull"],"arguments":[{"codes":["foobar.name","name"],"arguments":null,"defaultMessage":"name","code":"name"}],"defaultMessage":"must not be null","objectName":"foobar","field":"name","rejectedValue":null,"bindingFailure":false,"code":"NotNull"}]}
Comment From: wilkinsona
Thanks for the report. As described in the release notes, this is an intentional change to Spring Boot's default behaviour. Once you are sure that you are not at risk of leaking anything via exception messages, you can opt back in by using the server.error.include-message property and setting its value to always.
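An added example, not part of the original thread or of Spring Boot's own code: rather than re-enabling exception messages for every error with server.error.include-message, a WebFlux exception handler can return only the field name and constraint message for validation failures, leaving out the handler method signature, message codes and rejected value that the 2.2.8 response above exposes. The class name ValidationErrorAdvice and the response keys are assumptions chosen for illustration.

```java
package com.example.demo;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.http.ResponseEntity;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.bind.support.WebExchangeBindException;

// Hypothetical advice class (not from the thread): turns bean validation
// failures into a 400 body that names only the field and the constraint message.
@RestControllerAdvice
public class ValidationErrorAdvice {

    // WebFlux raises WebExchangeBindException when a @Valid @RequestBody fails.
    @ExceptionHandler(WebExchangeBindException.class)
    public ResponseEntity<Map<String, Object>> onValidationFailure(WebExchangeBindException ex) {
        List<Map<String, String>> errors = ex.getFieldErrors().stream()
                .map(ValidationErrorAdvice::toPublicError)
                .collect(Collectors.toList());

        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", 400);
        body.put("error", "Bad Request");
        body.put("errors", errors);
        return ResponseEntity.badRequest().body(body);
    }

    // Copies the field name and default message only; the rejected value, the
    // message codes and the exception text are deliberately left out.
    private static Map<String, String> toPublicError(FieldError fieldError) {
        Map<String, String> entry = new LinkedHashMap<>();
        entry.put("field", fieldError.getField());
        entry.put("message", fieldError.getDefaultMessage());
        return entry;
    }
}
```

With this class on the classpath of the sample application, the default error attributes stay at their 2.3 settings for all other exceptions.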