Update guide-exceptions.asciidoc

hohwille · web-flow · commit dce05e750767 · 2020-07-30T12:21:28.000+02:00
diff --git a/documentation/guide-exceptions.asciidoc b/documentation/guide-exceptions.asciidoc
@@ -84,6 +84,7 @@ For catching and handling exceptions we follow these rules:
 * If we catch an exception and throw a new one, we always *have* to provide the original exception as http://docs.oracle.com/javase/7/docs/api/java/lang/Throwable.html#getCause%28%29[cause] to the constructor of the new exception.
 * At the entry points of the application (e.g. a service operation) we have to catch and handle all throwables. This is done via the _exception-facade-pattern_ via an explicit facade or aspect. The devon4j already provides ready-to-use implementations for this such as https://github.com/devonfw/devon4j/blob/develop/modules/rest/src/main/java/com/devonfw/module/rest/service/impl/RestServiceExceptionFacade.java[RestServiceExceptionFacade]. The exception facade has to...
 ** log all errors (user errors on info and technical errors on error level)
+** ensure the entire exception is passed to the logger (not only the message) so that the logger can capture the entire stacktrace and the root cause is not lost.
 ** convert the error to a result appropriable for the client and secure for https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure[Sensitive Data Exposure]. Especially for security exceptions only a generic security error code or message may be revealed but the details shall only be logged but *not* be exposed to the client. All _internal exceptions_ are converted to a generic error with a message like:
 +
 > An unexpected technical error has occurred. We apologize any inconvenience. Please try again later.

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ For catching and handling exceptions we follow these rules:`
`84`	`84`	`* If we catch an exception and throw a new one, we always have to provide the original exception as http://docs.oracle.com/javase/7/docs/api/java/lang/Throwable.html#getCause%28%29[cause] to the constructor of the new exception.`
`85`	`85`	`* At the entry points of the application (e.g. a service operation) we have to catch and handle all throwables. This is done via the _exception-facade-pattern_ via an explicit facade or aspect. The devon4j already provides ready-to-use implementations for this such as https://github.com/devonfw/devon4j/blob/develop/modules/rest/src/main/java/com/devonfw/module/rest/service/impl/RestServiceExceptionFacade.java[RestServiceExceptionFacade]. The exception facade has to...`
`86`	`86`	`** log all errors (user errors on info and technical errors on error level)`
	`87`	`+** ensure the entire exception is passed to the logger (not only the message) so that the logger can capture the entire stacktrace and the root cause is not lost.`
`87`	`88`	`** convert the error to a result appropriable for the client and secure for https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure[Sensitive Data Exposure]. Especially for security exceptions only a generic security error code or message may be revealed but the details shall only be logged but not be exposed to the client. All _internal exceptions_ are converted to a generic error with a message like:`
`88`	`89`	`+`
`89`	`90`	`> An unexpected technical error has occurred. We apologize any inconvenience. Please try again later.`