Return null or throw exception one more time

I've already looked for the answer for this question, and I've found the following suggestions:

1. If you are always expecting to find a value then throw the exception if it is missing. The exception would mean that there was a problem. If the value can be missing or present and both are valid for the application logic then return a null.
2. Only throw an exception if it is truly an error. If it is expected behavior for the object to not exist, return the null.

But how should I interpret them in my (so casual) case: My web app controller is receiving request to show details for a user with a certain id. Controller asks the service laye开发者_Python百科r to get the user, and then the service returns the object, if it's found. If not, a redirect to 'default' location is issued.

What should I do when someone passes invalid user id inside the request URL? Should I consider it as "expected behaviour" and return null to the controller, or perhaps should I call it a "problem or unexpected behaviour" and thus throw an exception inside the service method and catch in inside the controller?

Technically it's not a big difference after all, but I'd like to do it the right way by following standard convetions. Thanks in advance for any suggestions.

EDIT: I assume, that the URLs generated by the app are valid and existing - when clicked by user, the user with a certaing id should be found. I want to know how to handle a situation, when user tries to access URL with wrong (not existing) user id, by manually typing the URL into browser's address bar.

If I understand you correctly, the request containing the user ID is coming from a client (out of your control). Applying the rules of thumb you quoted: invalid user input is an entirely expectable case, which would not require an exception, rather handle the null value gracefully by returning an appropriate error message to the client.

(OTOH if the user id in the request were automatically generated by another app / coming from DB etc, an invalid user ID would be unexpected, thus an exception would be appropriate.)

My personal suggestion would be to log the error details (IP address, the invalid user ID) and re-direct the user to an error page which says that some error has occurred and the administrators have been notified. Click on so-n-so link to go back to your home page etc.

Point being, whether you throw exception or return null, just make sure that the outermost filter or handler "logs" the details before the response is returned to the user.

What should I do when someone passes invalid user id inside the request URL?

You have two choices: show the 'default' page you mentioned or return a "Not found" / 404.

Regarding null, it depends. If you consider null unacceptable for a reference, then annotate it with @NotNull and the annotation shall take care of doing the correct thing upon getting a null reference: that is, throwing an (unchecked) exception (of course you need to work with the amazing @NotNull annotation for this to work).

What your do higher up the chain is up to you: to me returning a 404 to someone trying to fake user IDs sounds really close to optimal.