Handling exceptions in Java


Performing a code scan with Fortify detects the following vulnerability in my code. Which tells me the following:


If the catch blocks are several, it can be uncomfortable and repetitive,   but if you "condense" catch blocks by getting a high class   Exception level, you can hide exceptions that require a   special treatment or that should not be obtained at this point of the   Program. Basically, filtering an exception too broad frustrates   the purpose of written Java exceptions. Also, it could   become especially dangerous if the program grows and starts to   launch new types of exceptions.

The code is as follows:

try{ gzos.close(); } catch( Exception e ){}
try{ b64os.close(); } catch( Exception e ){}
try{ baos.close(); } catch( Exception e ){}

The 3 blocks throw the exception of type IOException . I have two possible solutions which are the following:

//Manera 1
try{ gzos.close(); } catch( IOException e ){}
try{ b64os.close(); } catch( IOException e ){}
try{ baos.close(); } catch( IOException e ){}

//Manera 2
try{ gzos.close();
     baos.close(); } catch( IOException e ){}

Now the question is as follows: How do I handle the exception correctly?

asked by J. Castro 01.05.2018 в 01:55

1 answer


First of all I must say that it is a very bad practice to close the resources within the body / block of try , this must be done within finally .

The best solution to your specific case is to use a try-with-resources , introduced from Java 7, in the following way (depending on your version of Java you can do different things).

// Java 7 y 8

// Instanciación de las variables dentro de los paréntesis
try ( InputStream fis = new FileInputStream("file.txt");
      ByteArrayOutputStream baos = new ByteArrayOutputStream();) { 

    // Trabajo con los streams fis y baos
} catch (IOException e ) {
    // Código

// Instanciación de las varibles dentro de los paréntesis
try ( InputStream fis = otroFis;
      ByteArrayOutputStream baos = otroBaos;) { 

    // Trabajo con los streams fis y baos
} catch (IOException e ) {
    // Código

// Java 9 y 10
try ( otroFis;
      otroBaos;) { 

    // Trabajo con los streams fis y baos
} catch (IOException e ) {
    // Código

NOTE: The main difference between the versions of try-with-resources in Java 7 and Java 9, is that in Java 7, you had to declare the variables inside the parentheses that you were going to use in the body of try and in Java 9, you can only reference a variable defined outside of those parentheses.

If you realize, this mechanism prevents you from having to explicitly close the resources, and also handles any exception that occurs trying to close them. It also guarantees that all resources will be closed, although exceptions may occur during the process of closing another one.

It is important to keep in mind that in order to use the try-with-resources , the objects must implement the AutoClosable interface (all java exit input API classes implement it, and if I'm not wrong, many of JDBC too).

answered by 01.05.2018 / 02:28