Annotation Type RestrictedApi

public @interface RestrictedApi
Restrict this method to callsites with a allowlist annotation.

Callers that are not allowlisted will cause a configurable compiler diagnostic. Allowlisting can either allow the call outright, or make the compiler emit a warning when the API is called. Paths matching a regular expression, e.g. unit tests, can also be excluded.

The following example shows a hypothetical, potentially unsafe method. It is marked with the @RestrictedApi annotations such that callers annotated with @LegacyUnsafeFooBar raise a warning, whereas the @ReviewedFooBar annotation silently allows the call.

The @LegacyUnsafeFooBar annotation can be used to allow existing call sites until they are refactored, while prohibiting new call-sites. Call-sites determined to be acceptable, for example through code review, could be marked @ReviewedFooBar.

 public {@literal @}interface LegacyUnsafeFooBar{}

 public {@literal @}interface ReviewedFooBar{
  public string reviewer();
  public string comments();

 public class Foo {
   {@literal @}RestrictedApi(
      explanation="You could shoot yourself in the foot with if you aren't careful",
      allowedOnPath="testsuite/.*", // Unsafe behavior in tests is ok.
      allowlistAnnotations = {ReviewedFooBar.class},
      allowlistWithWarningAnnotations = {LegacyUnsafeFooBar.class})
   public void bar() {
      if (complicatedCondition) {
      } else {
   boolean complicatedCondition = true;

   {@literal @}ReviewedFooBar(
      comments="Makes sure complicatedCondition isn't true, so bar is safe!"
   public void safeBar() {
      if (!complicatedCondition) {

   {@literal @}LegacyUnsafeFooBar
   public void someOldCode() {
      // ...
      // ...
  • Element Details

    • explanation

      String explanation
      Explanation why the API is restricted, to be inserted into the compiler output.
    • link

      String link
      Link explaining why the API is restricted
    • allowedOnPath

      String allowedOnPath
      Allow the restricted API on paths matching this regular expression.

      Leave empty (the default) to enforce the API restrictions on all paths.

    • whitelistAnnotations

      @Deprecated Class<? extends Annotation>[] whitelistAnnotations
    • allowlistAnnotations

      Class<? extends Annotation>[] allowlistAnnotations
      Allow calls to the restricted API in methods or classes with this annotation.
    • whitelistWithWarningAnnotations

      @Deprecated Class<? extends Annotation>[] whitelistWithWarningAnnotations
    • allowlistWithWarningAnnotations

      Class<? extends Annotation>[] allowlistWithWarningAnnotations
      Emit warnings, not errors, on calls to the restricted API for callers with this annotation.

      This should only be used if callers should aggressively move away from this API (or change to a allowlist annotation after review). Too many warnings will lead to ALL warnings being ignored, so tread very carefully.