Potential false-positive with S2230 as of spring 6.0

Finn_Herpich · September 24, 2024, 12:21pm

With SonarLint 10.9.0.79423 and SonarQube v10.5.1 (90531) here at work.

The rule S2230 states

Marking a non-public method @Async or @Transactional is misleading because Spring does not recognize non-public methods, and so makes no provision for their proper invocation. Nor does Spring make provision for the methods invoked by the method it called

However, since Spring 6.0 this may not be true anymore Using @Transactional :: Spring Framework

The @Transactional annotation is typically used on methods with public visibility. As of 6.0, protected or package-visible methods can also be made transactional for class-based proxies by default.

I’ve just tested this with a small evaluator and can confirm what the spring 6.0 doc says, that @Transactional indeed did work on a package-private method.

I mean the test was pretty stupid, but I think it shows that things changed any maybe the rule must be adapter?

Throws no session exception:

    //@Transactional
    void someMethod() {
        MyEntity myEntity = new MyEntity();
        myEntityRepository.save(myEntity);

        MyEntity reloaded = myEntityRepository.getReferenceById(myEntity.getId());
        String name = reloaded.getName();
    }

Works:

    @Transactional
    void someMethod() {
        MyEntity myEntity = new MyEntity();
        myEntityRepository.save(myEntity);

        MyEntity reloaded = myEntityRepository.getReferenceById(myEntity.getId());
        String name = reloaded.getName();
    }

Colin · September 24, 2024, 12:26pm

Hey there.

I believe you’re facing this known issue, can you confirm? [SONARJAVA-4881] - Jira

If so I’ll link your post to that ticket.

Finn_Herpich · September 24, 2024, 12:36pm

Oh yes! My bad, that’s totally it

system · October 1, 2024, 12:36pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.