fix(webauthn): remove noisy stack traces from expected exception logging

devondragon · devondragon · commit ee0aed0edd8f · 2026-02-21T16:02:28.000-07:00
Drop the exception object from log.warn() calls in
WebAuthnManagementAPIAdvice. These are expected business and validation
errors (credential not found, validation failures), not unexpected
system failures, so full stack traces add noise without diagnostic value.
diff --git a/src/main/java/com/digitalsanctuary/spring/user/api/WebAuthnManagementAPIAdvice.java b/src/main/java/com/digitalsanctuary/spring/user/api/WebAuthnManagementAPIAdvice.java
@@ -20,25 +20,25 @@ public class WebAuthnManagementAPIAdvice {
 
 	@ExceptionHandler(WebAuthnUserNotFoundException.class)
 	public ResponseEntity<GenericResponse> handleUserNotFound(WebAuthnUserNotFoundException ex) {
-		log.warn("WebAuthn user not found: {}", ex.getMessage(), ex);
+		log.warn("WebAuthn user not found: {}", ex.getMessage());
 		return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new GenericResponse(ex.getMessage()));
 	}
 
 	@ExceptionHandler(WebAuthnException.class)
 	public ResponseEntity<GenericResponse> handleWebAuthnError(WebAuthnException ex) {
-		log.warn("WebAuthn error: {}", ex.getMessage(), ex);
+		log.warn("WebAuthn error: {}", ex.getMessage());
 		return ResponseEntity.badRequest().body(new GenericResponse(ex.getMessage()));
 	}
 
 	@ExceptionHandler(MethodArgumentNotValidException.class)
 	public ResponseEntity<GenericResponse> handleValidation(MethodArgumentNotValidException ex) {
-		log.warn("WebAuthn validation error: {}", ex.getMessage(), ex);
+		log.warn("WebAuthn validation error: {}", ex.getMessage());
 		return ResponseEntity.badRequest().body(new GenericResponse(ex.getBindingResult().getAllErrors(), "Validation failed"));
 	}
 
 	@ExceptionHandler(ConstraintViolationException.class)
 	public ResponseEntity<GenericResponse> handleConstraintViolation(ConstraintViolationException ex) {
-		log.warn("WebAuthn constraint violation: {}", ex.getMessage(), ex);
+		log.warn("WebAuthn constraint violation: {}", ex.getMessage());
 		return ResponseEntity.badRequest().body(new GenericResponse("Validation failed"));
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -20,25 +20,25 @@ public class WebAuthnManagementAPIAdvice {`
`20`	`20`
`21`	`21`	`@ExceptionHandler(WebAuthnUserNotFoundException.class)`
`22`	`22`	`public ResponseEntity<GenericResponse> handleUserNotFound(WebAuthnUserNotFoundException ex) {`
`23`		`- log.warn("WebAuthn user not found: {}", ex.getMessage(), ex);`
	`23`	`+ log.warn("WebAuthn user not found: {}", ex.getMessage());`
`24`	`24`	`return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new GenericResponse(ex.getMessage()));`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`@ExceptionHandler(WebAuthnException.class)`
`28`	`28`	`public ResponseEntity<GenericResponse> handleWebAuthnError(WebAuthnException ex) {`
`29`		`- log.warn("WebAuthn error: {}", ex.getMessage(), ex);`
	`29`	`+ log.warn("WebAuthn error: {}", ex.getMessage());`
`30`	`30`	`return ResponseEntity.badRequest().body(new GenericResponse(ex.getMessage()));`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`@ExceptionHandler(MethodArgumentNotValidException.class)`
`34`	`34`	`public ResponseEntity<GenericResponse> handleValidation(MethodArgumentNotValidException ex) {`
`35`		`- log.warn("WebAuthn validation error: {}", ex.getMessage(), ex);`
	`35`	`+ log.warn("WebAuthn validation error: {}", ex.getMessage());`
`36`	`36`	`return ResponseEntity.badRequest().body(new GenericResponse(ex.getBindingResult().getAllErrors(), "Validation failed"));`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`@ExceptionHandler(ConstraintViolationException.class)`
`40`	`40`	`public ResponseEntity<GenericResponse> handleConstraintViolation(ConstraintViolationException ex) {`
`41`		`- log.warn("WebAuthn constraint violation: {}", ex.getMessage(), ex);`
	`41`	`+ log.warn("WebAuthn constraint violation: {}", ex.getMessage());`
`42`	`42`	`return ResponseEntity.badRequest().body(new GenericResponse("Validation failed"));`
`43`	`43`	`}`
`44`	`44`	`}`