Spring Data repository from an internal package is visible

[thombergs]

In a module test, Spring Data repositories are added to the classpath even though they are located in an internal package.

See commented out lines in unit test https://github.com/thombergs/moduliths/blob/spring-data-sample/moduliths-sample/src/test/java/com/acme/springdata/moduleB/ModuleBTest.java.

This is because the parent package of the internal package is scanned for Spring Data repositories and thus the repositories in the sub-package are also found.

Perhaps this is something we have to live with since I can't think of a way to exclude certain sub-packages (except perhaps by explicitly marking them as internal with an annotation?).

[odrotbohm]

This works as currently designed. Module B depends on Module A and you bootstrap the integration test in direct dependencies mode. That causes both module to be fully bootstrapped and thus of course the internal bean instance being both created (can't change because otherwise the downstream beans in module A cannot be created) and accessible.

The latter is an interesting problem worth investigating. AFAIK, there's no way currently to tweak the ApplicationContext in a way that would reject bean lookup requests for types residing in internal packages. I guess that'd be a tricky thing to achieve, as you might have components inside a module that implement ApplicationContextAware and would like to access internal ones the way you do in the test. I.e. whether the lookup is valid or not depends on the call site arrangement (from within the same module or not). That said, you'd always be able to find the beans by asking for a common super type though, as preventing that would break all generic BeanPostProcessor instances.

So, I think the explicit modules.verify() call should be enough as it would also detect the reference to the internal but public type in production code, even if hidden inside that context.getBean(…) arrangement.