Spring AOP annotation on a private method
Part of Code Quality & Syntax, which counts for 20% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
@Transactional, @Async, @Cacheable, @CacheEvict, or @CachePut is placed on a private method. Spring implements these through a proxy around the bean, and a proxy cannot intercept a private (or otherwise non-overridable) method, so the annotation is silently a no-op: no transaction boundary, no async dispatch, no caching actually happens.
Why it matters
Spring implements @Transactional, @Async, @Cacheable, @CacheEvict, and @CachePut through a proxy wrapped around the bean. A proxy can only intercept calls that arrive from outside the bean through a public (or otherwise overridable) method, so the annotation on a private method is silently a no-op: no transaction boundary is opened, no async dispatch happens, no caching occurs, and nothing in the code or logs shows that it did not work.
How to fix it
Make the method package-private, protected, or public (matching this class's existing access-level conventions) so the proxy can intercept it, or extract the annotated logic into a separate bean method that is called from outside, since Spring AOP also cannot intercept self-invocation (a call to `this.method()` from within the same class bypasses the proxy even for a public method).
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo