RequestMapping works on private methods

Asked 28/5, 2018 at 9:49 Answered 19/9 at 10:57

java spring spring-mvc spring-boot spring-rest

Now, my understanding, in general, is that @RequestMapping methods need to be public. Can they also be private? If so when would we use this?

The reason why I am asking this is that I noticed that @RequestMapping worked on private methods as well. Why is this so?

Is it because spring access these methods through reflections so access modifiers aren't really considered? Is this a bug or a feature that has uses?

Ambur answered 28/5, 2018 at 9:49 Comment(10)

Possible duplicate of Why does Spring allow controller annotated request mappings on private methods? – March 28/5, 2018 at 9:52

@RafałSokalski doesn't really answer the question, i.e. why does Spring allow it. I suspect it's an oversight / not seen as necessary. It's really the programmer's fault. – Maragaret 28/5, 2018 at 9:56

Java does not provide a mechanism for limiting the target of annotations based on access modifier – March 28/5, 2018 at 9:57

@RafałSokalski very well quoted from the question you linked, still doesn't answer anything. – Maragaret 28/5, 2018 at 9:57

Why not ? He asked why it works on private methods and there is an answer – March 28/5, 2018 at 9:59

@RafałSokalski it's the wrong answer. It's not that Java allows annotations on private methods that's the issue, it's that Spring allows those annotation on private methods. It could easily prevent them. – Maragaret 28/5, 2018 at 10:0

That's right @Kayaman. My mistake – March 28/5, 2018 at 10:5

Raised an issue here jira.spring.io/projects/SPR/issues/SPR-16878. Probably a duplicate. But well hoping for a response from them someday. – Ambur 28/5, 2018 at 10:57

Well that was fast: Resolved, Works as Designed... – Maragaret 28/5, 2018 at 11:12

Thanks for asking. This was source of confusion when I saw my IDE pointing out an annotated method as candidate for deletion (never used anywhere) – Quietly 1/8, 2019 at 8:48

Now the real reason (if one exists) is hard to say without getting into the heads of the Spring developers, and because this was implemented quite a while ago.

I would guess that this was an oversight, as there's not a significant advantage in using private methods as targets for request mapping. Sure, you can't call them from your other code anymore, but if you're calling controller methods from your code, you deserve all the problems you get.

This link describes an interesting situation where the request mapping works for a package private method, but since AOP only works for public methods the result is confusion and destruction. There's also 4 (four!) places given where a fix could be applied to prevent non-public methods from being targets of @RequestMapping.

So I would classify this as a (minor) bug. Now it's up to the programmers to stay on their toes and remember to make those methods public. I'll see if I can find an existing bug ticket for this.

Maragaret answered 28/5, 2018 at 10:37 Comment(0)

As responded by pivotal in the JIRA ISSUE

This indeed works as designed. We generally don't restrict visibility declarations on reflective methods, leaving that choice up to the developer. That said, for this particular case, I would recommend public declarations or potentially package-visible declarations (without a visibility keyword), with private handler methods actually being more of a niche effect here.

Ambur answered 28/5, 2018 at 11:13 Comment(0)

Years later:

One perspective for private but annotated methods is the following:

The return value type, the parameter types (and thrown exception types) of public methods are supposed to be public as well. If you don't want your parameters and return values to be public (in the java member visibility sense), private methods are one way express this.

Unbuckle answered 19/9 at 10:57 Comment(0)

Recommended topics

Hot tags