Sensei Logo Sensei Hub

Recipe - Use requestMapping on public methods

Description:
RequestMapping should not be used on non-public methods
Level:
warning
Language:
  • java
Tags:
  • Spring
  • framework specific
  • web
  • Spring Web
  • quality
Documentation

Non-public methods annotated with @RequestMapping can respond to requests. Remove the annotation to prevent unwanted access to sensitive methods, or set the method's modifier to public.

Before
@PostMapping
private void do(){ }
After
private void do(){ }
References
Recipe
id: scw:spring:web:requestmapping-public-methods
version: 10
metadata:
  name: Use requestMapping on public methods
  shortDescription: RequestMapping should not be used on non-public methods
  level: warning
  language: java
  enabled: true
  descriptionFile: descriptions/UserequestMappingonpublicmethods.html
  tags: Spring;framework specific;web;Spring Web;quality
search:
  method:
    not:
      modifier: public
    in:
      typeDeclaration:
        anyOf:
        - annotation:
            type: Controller
        - annotation:
            type: RestController
    child:
      annotation:
        type:
          reference:
            matches: org.springframework.web.bind.annotation.*
          checkInheritance: true
availableFixes:
- name: Make the method public
  actions:
  - changeModifiers:
      visibility: public