Spring beans belonging to packages that are not included in a @ComponentScan configuration will not be accessible in the Spring Application Context. Therefore, it's likely to be a configuration mistake that will be detected by this rule.

Note: the @ComponentScan is implicit in the @SpringBootApplication annotation, case in which Spring Boot will auto scan for components in the package containing the Spring Boot main class and its sub-packages.

Noncompliant Code Example

@Configuration
@ComponentScan("com.mycompany.app.beans")
public class Application {
...
}

package com.mycompany.app.web;

@Controller
public class MyController { // Noncompliant; MyController belong to "com.mycompany.app.web" while the ComponentScan is looking for beans in "com.mycompany.app.beans" package
...
}

Compliant Solution

If you are not using SpringBoot:

@Configuration
@ComponentScan({"com.mycompany.app.beans","com.mycompany.app.web"})
or
@ComponentScan(basePackages= "com.mycompany.app")
public class Application {
...
}

package com.mycompany.app.web;

@Controller
public class MyController { // Compliant; "com.mycompany.app.web" is referenced by a @ComponentScan annotated class
...
}

If you are using SpringBoot:

package com.mycompany.app;

@SpringBootApplication
public class Application {
...
}

package com.mycompany.app.web;

@Controller
public class MyController { // Compliant; "com.mycompany.app.web" is taken into account by @SpringBootApplication annotation which is in the package "com.mycompany.app"
...
}