Will It Vibe logoWill It Vibe?
SPRING-012Medium severity-8 points

Spring AOP annotation on a private method

Part of Code Quality & Syntax, which counts for 20% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.

What it detects

@Transactional, @Async, @Cacheable, @CacheEvict, or @CachePut is placed on a private method. Spring implements these through a proxy around the bean, and a proxy cannot intercept a private (or otherwise non-overridable) method, so the annotation is silently a no-op: no transaction boundary, no async dispatch, no caching actually happens.

Why it matters

Spring implements @Transactional, @Async, @Cacheable, @CacheEvict, and @CachePut through a proxy wrapped around the bean. A proxy can only intercept calls that arrive from outside the bean through a public (or otherwise overridable) method, so the annotation on a private method is silently a no-op: no transaction boundary is opened, no async dispatch happens, no caching occurs, and nothing in the code or logs shows that it did not work.

How to fix it

Make the method package-private, protected, or public (matching this class's existing access-level conventions) so the proxy can intercept it, or extract the annotated logic into a separate bean method that is called from outside, since Spring AOP also cannot intercept self-invocation (a call to `this.method()` from within the same class bypasses the proxy even for a public method).

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Code Quality & Syntax checks