diff --git a/rules/S2230/java/rule.adoc b/rules/S2230/java/rule.adoc index fd136f0cd31..04510b8c797 100644 --- a/rules/S2230/java/rule.adoc +++ b/rules/S2230/java/rule.adoc @@ -1,9 +1,14 @@ == Why is this an issue? -Marking a non-public method `@Async` or `@Transactional` is misleading because Spring does not recognize non-public methods, and so makes no provision for their proper invocation. +Marking a non-public method `@Async` or `@Transactional` is misleading because, up to version 5, Spring does not recognize non-public methods, and so makes no provision for their proper invocation. Nor does Spring make provision for the methods invoked by the method it called. +Since Spring 6, protected and package-private methods can be handled, but the issue remains for private methods. -Therefore marking a private method, for instance, @Transactional can only result in a runtime error or exception if the method is annotated as @Transactional. +Therefore, marking a private method, for instance, @Transactional gives a false sense of security, and can lead to incorrect assumptions and potential bugs. + +== Exceptions + +The rule targets all non-public methods for project using Spring up to Spring 5, but only private methods for Spring 6 because Spring 6 takes into account all non-private methods. == How to fix it @@ -39,6 +44,7 @@ public Future asyncMethodWithReturnType() { // Compliant - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/scheduling/annotation/Async.html[Spring Framework API - Annotation Interface Async] - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/transaction/annotation/Transactional.html[Spring Framework API - Annotation Interface Transactional] +- https://docs.spring.io/spring-framework/reference/6.2.6/data-access/transaction/declarative/annotations.html#transaction-declarative-annotations-method-visibility[Method visibility and @Transactional in proxy mode] === Articles & blog posts