Hi. I have a question about best practices in handling exceptions in web applications. 1. A servlet encountered a system level exception (like JDBC exceptions). Should I use <exception-type> element or enclose my JDBC code in try-catch statements and forward the user to a specific page or using errorpage attribute ? 2. Same as the previous question but for user-level exceptions. I'm really paranoid about best practices for handling exceptions and I appreciate your help.. (You know, web site is the interface of your company to the world, it should be eye pleasing Thanks.
That you're conscious of exception handling and how it can affect your system is a great place from which to start. The real trick is to catch and handle the exceptions in a consistent way rather than let them bubble up to the servlet container (or main for a regular app). As long as you do something appropriate with them, you're in the bounds of "best practices" in my book.
You'll develop your own style as you work with them, and no doubt others will chime in with some good suggestions. I'll leave that part to them as I have only done minimal servlet stuff for a long time. Whatever you do, try to encapsulate it as best you can so you can modify how you handle them more easily.
If system exception you mean unchecked and by user exception you mean checked, I'd drop that distinction. System exceptions, which are indeed usually unchecked, can not be "handled" by your webapp; they can only be recovered from. A custom error page seems quite reasonable. What else can you do when a developer makes a typo in some SQL query, ask the user to proof-read and fix it?
User exceptions, which I prefer to call application level exceptions (I believe that's Sun's term as well) are errors that your webapp can and must handle. If the user enters an invalid login name and your DAO throws UserNotFoundException, you should certainly catch it and send them back to the login page with a message saying their login ID doesn't exist.
So did I say anything helpful? Heh, I'll let you make that call.
Unless you really know what you are doing, I'd recommend that you follow the guidelines made by Sun and the EJB specification: that system exceptions are unexpected and/or not recoverable by the client and that application exceptions are expected and are therefore recoverable.
Create a custom system exception class which inherits from RuntimeException and throw instances of it to the container when necessary. For example, if your application receives an irrecoverable exception like SQLException, handle it by wrapping it in your custom system exception and throwing it. In this particular example, you have actually converted a checked exception into an unchecked exception. You will probably want to declaratively forward to a system error page when a system exception is encountered.
Application exceptions are often fairly similar, I like to declare a checked base application exception class (which inherits from Exception) and subclass as required. Try and deal with application exceptions in a declaratively way if you can, I think that this is often the best way.