Use requestMapping on public methods :: Recipe Details

Recipe Name:

Use requestMapping on public methods

Description:

RequestMapping should not be used on non-public methods

Level:

warning

Language:

java

Tags:

Spring
framework specific
web
Spring Web
quality

Documentation

Non-public methods annotated with @RequestMapping can respond to requests. Remove the annotation to prevent unwanted access to sensitive methods, or set the method's modifier to public.

Before

@PostMapping
private void do(){ }

After

private void do(){ }

References

Recipe

id: scw:spring:web:requestmapping-public-methods
version: 10
metadata:
  name: Use requestMapping on public methods
  shortDescription: RequestMapping should not be used on non-public methods
  level: warning
  language: java
  enabled: true
  descriptionFile: descriptions/UserequestMappingonpublicmethods.html
  tags: Spring;framework specific;web;Spring Web;quality
search:
  method:
    not:
      modifier: public
    in:
      typeDeclaration:
        anyOf:
        - annotation:
            type: Controller
        - annotation:
            type: RestController
    child:
      annotation:
        type:
          reference:
            matches: org.springframework.web.bind.annotation.*
          checkInheritance: true
availableFixes:
- name: Make the method public
  actions:
  - changeModifiers:
      visibility: public