Prevent @bean method being public if it should not be

Fix the violation that classes are exposed outside their defined visibility scope.

Signed-off-by: Yanming Zhou <[email protected]>

Author: quaff

buildSrc/src/main/java/org/springframework/boot/build/architecture/ArchitectureRules.java

@@ -98,6 +98,7 @@ static List<ArchRule> standard() {
 		rules.add(methodLevelConfigurationPropertiesShouldNotSpecifyOnlyPrefixAttribute());
 		rules.add(conditionsShouldNotBePublic());
 		rules.add(allConfigurationPropertiesBindingBeanMethodsShouldBeStatic());
+		rules.add(allConfigurationMethodsShouldNotBePublicIfReturnTypeOrParameterTypeIsNotPublic());
 		return List.copyOf(rules);
 	}
 
@@ -319,6 +320,30 @@ private static ArchRule allConfigurationPropertiesBindingBeanMethodsShouldBeStat
 			.allowEmptyShould(true);
 	}
 
+	private static ArchRule allConfigurationMethodsShouldNotBePublicIfReturnTypeOrParameterTypeIsNotPublic() {
+		return methodsThatAreAnnotatedWith("org.springframework.context.annotation.Bean")
+			.should(check("not be public if return type is not public or any of parameter types is not public",
+					ArchitectureRules::configurationMethodsShouldNotBePublicIfReturnTypeOrParameterTypeIsNotPublic))
+			.allowEmptyShould(true);
+	}
+
+	private static void configurationMethodsShouldNotBePublicIfReturnTypeOrParameterTypeIsNotPublic(JavaMethod item,
+			ConditionEvents events) {
+		if (!item.getModifiers().contains(JavaModifier.PUBLIC)) {
+			return;
+		}
+		boolean violated = !item.getReturnType().toErasure().getModifiers().contains(JavaModifier.PUBLIC);
+		if (!violated) {
+			violated = item.getParameterTypes()
+				.stream()
+				.anyMatch((parameterType) -> !parameterType.toErasure().getModifiers().contains(JavaModifier.PUBLIC));
+		}
+		if (violated) {
+			addViolation(events, item, item.getDescription()
+					+ " should not be public if return type is not public or any of parameter types is not public");
+		}
+	}
+
 	private static boolean containsOnlySingleType(JavaType[] types, JavaType type) {
 		return types.length == 1 && type.equals(types[0]);
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/availability/AvailabilityProbesAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -59,7 +59,7 @@ public ReadinessStateHealthIndicator readinessStateHealthIndicator(
 	}
 
 	@Bean
-	public AvailabilityProbesHealthEndpointGroupsPostProcessor availabilityProbesHealthEndpointGroupsPostProcessor(
+	AvailabilityProbesHealthEndpointGroupsPostProcessor availabilityProbesHealthEndpointGroupsPostProcessor(
 			Environment environment) {
 		return new AvailabilityProbesHealthEndpointGroupsPostProcessor(environment);
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveCloudFoundryActuatorAutoConfiguration.java

@@ -107,7 +107,7 @@ public CloudFoundryInfoEndpointWebExtension cloudFoundryInfoEndpointWebExtension
 
 	@Bean
 	@SuppressWarnings("removal")
-	public CloudFoundryWebFluxEndpointHandlerMapping cloudFoundryWebFluxEndpointHandlerMapping(
+	CloudFoundryWebFluxEndpointHandlerMapping cloudFoundryWebFluxEndpointHandlerMapping(
 			ParameterValueMapper parameterMapper, EndpointMediaTypes endpointMediaTypes,
 			WebClient.Builder webClientBuilder,
 			org.springframework.boot.actuate.endpoint.web.annotation.ControllerEndpointsSupplier controllerEndpointsSupplier,

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.java

@@ -111,7 +111,7 @@ public CloudFoundryInfoEndpointWebExtension cloudFoundryInfoEndpointWebExtension
 
 	@Bean
 	@SuppressWarnings("removal")
-	public CloudFoundryWebEndpointServletHandlerMapping cloudFoundryWebEndpointServletHandlerMapping(
+	CloudFoundryWebEndpointServletHandlerMapping cloudFoundryWebEndpointServletHandlerMapping(
 			ParameterValueMapper parameterMapper, EndpointMediaTypes endpointMediaTypes,
 			RestTemplateBuilder restTemplateBuilder,
 			org.springframework.boot.actuate.endpoint.web.annotation.ServletEndpointsSupplier servletEndpointsSupplier,

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/jmx/JmxEndpointAutoConfiguration.java

@@ -92,7 +92,7 @@ public JmxEndpointDiscoverer jmxAnnotationEndpointDiscoverer(ParameterValueMappe
 
 	@Bean
 	@ConditionalOnMissingBean(value = EndpointObjectNameFactory.class, search = SearchStrategy.CURRENT)
-	public DefaultEndpointObjectNameFactory endpointObjectNameFactory(MBeanServer mBeanServer) {
+	DefaultEndpointObjectNameFactory endpointObjectNameFactory(MBeanServer mBeanServer) {
 		String contextId = ObjectUtils.getIdentityHexString(this.applicationContext);
 		return new DefaultEndpointObjectNameFactory(this.properties, this.jmxProperties, mBeanServer, contextId);
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/metrics/MetricsAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2022 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -56,7 +56,7 @@ public Clock micrometerClock() {
 	}
 
 	@Bean
-	public static MeterRegistryPostProcessor meterRegistryPostProcessor(ApplicationContext applicationContext,
+	static MeterRegistryPostProcessor meterRegistryPostProcessor(ApplicationContext applicationContext,
 			ObjectProvider<MetricsProperties> metricsProperties,
 			ObjectProvider<MeterRegistryCustomizer<?>> meterRegistryCustomizers,
 			ObjectProvider<MeterFilter> meterFilters, ObjectProvider<MeterBinder> meterBinders) {

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/metrics/amqp/RabbitMetricsAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2022 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@
 public class RabbitMetricsAutoConfiguration {
 
 	@Bean
-	public static RabbitConnectionFactoryMetricsPostProcessor rabbitConnectionFactoryMetricsPostProcessor(
+	static RabbitConnectionFactoryMetricsPostProcessor rabbitConnectionFactoryMetricsPostProcessor(
 			ApplicationContext applicationContext) {
 		return new RabbitConnectionFactoryMetricsPostProcessor(applicationContext);
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/metrics/data/RepositoryMetricsAutoConfiguration.java

@@ -72,7 +72,7 @@ public MetricsRepositoryMethodInvocationListener metricsRepositoryMethodInvocati
 	}
 
 	@Bean
-	public static MetricsRepositoryMethodInvocationListenerBeanPostProcessor metricsRepositoryMethodInvocationListenerBeanPostProcessor(
+	static MetricsRepositoryMethodInvocationListenerBeanPostProcessor metricsRepositoryMethodInvocationListenerBeanPostProcessor(
 			ObjectProvider<MetricsRepositoryMethodInvocationListener> metricsRepositoryMethodInvocationListener) {
 		return new MetricsRepositoryMethodInvocationListenerBeanPostProcessor(
 				SingletonSupplier.of(metricsRepositoryMethodInvocationListener::getObject));

spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/web/annotation/AbstractWebEndpointIntegrationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -725,7 +725,7 @@ private void load(Consumer<T> contextCustomizer, String endpointPath,
 	protected static class TestEndpointConfiguration {
 
 		@Bean
-		public TestEndpoint testEndpoint(EndpointDelegate endpointDelegate) {
+		TestEndpoint testEndpoint(EndpointDelegate endpointDelegate) {
 			return new TestEndpoint(endpointDelegate);
 		}
 
@@ -846,7 +846,7 @@ NullDeleteResponseEndpoint nullDeleteResponseEndpoint() {
 	protected static class ResourceEndpointConfiguration {
 
 		@Bean
-		public ResourceEndpoint resourceEndpoint() {
+		ResourceEndpoint resourceEndpoint() {
 			return new ResourceEndpoint();
 		}
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/cache/CacheAutoConfiguration.java

@@ -69,7 +69,7 @@ public CacheManagerCustomizers cacheManagerCustomizers(ObjectProvider<CacheManag
 	}
 
 	@Bean
-	public CacheManagerValidator cacheAutoConfigurationValidator(CacheProperties cacheProperties,
+	CacheManagerValidator cacheAutoConfigurationValidator(CacheProperties cacheProperties,
 			ObjectProvider<CacheManager> cacheManager) {
 		return new CacheManagerValidator(cacheProperties, cacheManager);
 	}