fix(sap-demo): /api/v1/audit returns 200 on empty audit table

slayerjain · claude · slayerjain · commit 395e12ffb2d7 · 2026-04-22T18:34:55.000+05:30
GET /api/v1/audit returned 500 because the route wasn't registered and Spring's fallback NoResourceFoundException was caught by the generic @ExceptionHandler(Exception.class), masquerading as an internal server error. The intuitive audit-centric path should just work, and unmapped routes in general should 404 cleanly rather than 500. Changes: * AuditController exposes GET /api/v1/audit as the canonical route, keeping GET /api/v1/customers/recent-views as a back-compat alias. Null-safes the result list so an empty audit table still returns `{"items":[],"count":0}` rather than falling through to Map.of's NPE-on-null. * GlobalExceptionHandler adds an explicit NoResourceFoundException handler that returns 404 with an RFC 7807 body, so typos / probing no longer surface as 500s. Reproduction: curl -i http://localhost:8080/api/v1/audit → HTTP 500 + "An unexpected error occurred" Log: NoResourceFoundException: No static resource api/v1/audit. Root cause: Controller mapped at /api/v1/customers/recent-views; no route for /api/v1/audit; Spring's static-resource fallback throws NoResourceFoundException which the catch-all Exception handler treated as a 500 (should be 404). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/sap-demo-java/src/main/java/com/tricentisdemo/sap/customer360/web/AuditController.java b/sap-demo-java/src/main/java/com/tricentisdemo/sap/customer360/web/AuditController.java
@@ -14,8 +14,15 @@
 import java.util.List;
 import java.util.Map;
 
+/**
+ * Postgres-only access-audit read surface — no SAP call on this path.
+ *
+ * <p>Exposes two equivalent routes for the same underlying query so both
+ * "audit-centric" consumers ({@code /api/v1/audit}) and the legacy
+ * customer-centric UI ({@code /api/v1/customers/recent-views}) resolve
+ * without the generic 500-from-NoResourceFoundException trap.
+ */
 @RestController
-@RequestMapping("/api/v1/customers")
 @Tag(name = "Audit", description = "Service-level access audit (Postgres read)")
 public class AuditController {
 
@@ -29,10 +36,13 @@ public AuditController(AuditService audit) {
 
     @Operation(summary = "Most recent 50 audit events across all customers",
                description = "Postgres-only — no SAP call. Useful for compliance/ops dashboards.")
-    @GetMapping("/recent-views")
+    @GetMapping({"/api/v1/audit", "/api/v1/customers/recent-views"})
     public ResponseEntity<Map<String, Object>> recent() {
-        log.info("GET /customers/recent-views");
+        log.info("GET audit recent-views");
         List<AuditEvent> events = audit.recent();
+        if (events == null) {
+            events = List.of();
+        }
         return ResponseEntity.ok(Map.of(
             "items", events,
             "count", events.size()
diff --git a/sap-demo-java/src/main/java/com/tricentisdemo/sap/customer360/web/GlobalExceptionHandler.java b/sap-demo-java/src/main/java/com/tricentisdemo/sap/customer360/web/GlobalExceptionHandler.java
@@ -17,6 +17,7 @@
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.servlet.resource.NoResourceFoundException;
 
 /**
  * Converts uncaught exceptions into RFC 7807 problem responses.
@@ -77,6 +78,23 @@ public ResponseEntity<ProblemResponse> handleValidation(Exception ex, HttpServle
             .body(body);
     }
 
+    @ExceptionHandler(NoResourceFoundException.class)
+    public ResponseEntity<ProblemResponse> handleNoRoute(NoResourceFoundException ex,
+                                                        HttpServletRequest req) {
+        // Spring's default flow routes an unmatched URL through the static
+        // resource handler, which then throws NoResourceFoundException.
+        // Without this handler it falls into the generic Exception catch
+        // and surfaces as a 500 — confusing for clients probing nearby
+        // routes (e.g. GET /api/v1/audit when they meant
+        // /api/v1/customers/recent-views).
+        log.info("Unmapped route path={}", req.getRequestURI());
+        ProblemResponse body = baseProblem(HttpStatus.NOT_FOUND, "Not Found",
+            "No handler is registered for " + req.getRequestURI(), req);
+        return ResponseEntity.status(HttpStatus.NOT_FOUND)
+            .headers(commonHeaders(null))
+            .body(body);
+    }
+
     @ExceptionHandler(DataAccessException.class)
     public ResponseEntity<ProblemResponse> handleDb(DataAccessException ex, HttpServletRequest req) {
         log.warn("database error surfaced to caller", ex);
