...

This compliant solution catches the exception and sanitizes both the exception and its message before allowing it to propagate to the caller. Where the exception type itself reveals too much information, throw a different exception altogether, with a different message and possibly a higher-level type (this is exception translation). One good approach is to use the MyExceptionReporter class described in guideline ERR01-J. Use a class dedicated to reporting exceptions, as shown in this compliant solution.

...

Compliant solutions must ensure that security exceptions such as java.security.AccessControlException and java.lang.SecurityException continue to be logged and sanitized appropriately. See guideline EXC03-J. Use a logging API to log critical security exceptions for additional information. The MyExceptionReporter class from guideline ERR01-J. Use a class dedicated to reporting exceptions demonstrates an acceptable approach for this logging and sanitization.
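As an added illustration (not code from this page or its MyExceptionReporter class), the following Java sketch shows the pattern both paragraphs above describe: a hypothetical SanitizingReporter writes the full exception to a protected log, a file-open failure is translated into a generic checked exception so the caller learns nothing about the file system, and a SecurityException is logged and then rethrown rather than suppressed. The class and exception names are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical reporter (assumed name, not the page's MyExceptionReporter):
// the full exception goes only to a protected log, never to the caller.
final class SanitizingReporter {
    private static final Logger LOG = Logger.getLogger("app.security");

    static void report(Throwable t) {
        // Class, message and stack trace are recorded here for operators only.
        LOG.log(Level.SEVERE, "Exception reported", t);
    }
}

// Exception translation: the caller sees neither the original type nor its
// message, either of which could reveal file-system layout.
final class SensitiveOperationException extends Exception {
    SensitiveOperationException(String msg) { super(msg); }
}

public class ExceptionTranslationDemo {
    public static FileInputStream openConfig(String path)
            throws SensitiveOperationException {
        try {
            return new FileInputStream(path);
        } catch (FileNotFoundException e) {
            // Log the real cause; expose only a generic, path-free message.
            SanitizingReporter.report(e);
            throw new SensitiveOperationException("Unable to open requested resource");
        } catch (SecurityException e) {
            // Security exceptions are still logged (see EXC03-J) and then
            // propagated unchanged; they must not be masked or swallowed.
            SanitizingReporter.report(e);
            throw e;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a path that does not exist.
        try {
            openConfig(args.length > 0 ? args[0] : "/nonexistent/config.properties");
        } catch (SensitiveOperationException e) {
            System.out.println("Caller sees: " + e.getMessage());
        }
    }
}
```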

...