Real-Time Spring Boot Interview Questions (All In One)
This comprehensive guide compiles a massive list of real-world, scenario-based interview questions and answers for Spring Boot developers, covering everything from core mechanics to advanced microservices architectures.
1. Core Mechanics & Auto-Configuration
Q: What does the @SpringBootApplication annotation do internally?
A: It is a shortcut annotation that combines three critical annotations:
@Configuration: Tells Spring the class has bean definitions.@EnableAutoConfiguration: Allows Spring Boot to automatically set up the application based on the libraries present on the classpath.@ComponentScan: Instructs Spring to look for other components, configurations, and services in the current package and its sub-packages.
Q: How do you tell an auto-configuration to back away when a custom bean already exists?
A: You use the @ConditionalOnMissingBean annotation. For example, if you are creating a custom auto-configuration for a DataSource, you annotate the bean method with @ConditionalOnMissingBean(DataSource.class). This ensures that if the developer manually defines a DataSource bean, Spring Boot's auto-configuration will step back and not override it.
Q: Can we create a non-web application in Spring Boot?
A: Yes. Spring Boot is not just for web projects; it can be used for batch processing or running background scripts. If you don't include web dependencies (like spring-boot-starter-web), it will not start an embedded server. You can implement CommandLineRunner or ApplicationRunner to execute your logic immediately after the application starts.
Q: How does Spring Boot make Dependency Injection (DI) easier compared to traditional Spring?
A: In traditional Spring, you had to manually define beans and their wiring in complex XML files or using verbose annotations. Spring Boot simplifies this through Component Scanning and Auto-Configuration. It intelligently scans the classpath, discovers what is needed, and automatically registers and wires the beans for you, greatly reducing boilerplate setup code.
Q: What does it mean that Spring Boot supports "Relaxed Binding"?
A: Relaxed binding means Spring Boot is flexible in how configuration properties are named. For instance, the property server.port can be written as server.port, server-port, server_port, or SERVER_PORT. Spring Boot understands all these variations map to the same internal property, making it easier to use environment variables and different OS naming conventions without changing code.
Q: How do you get the list of all the beans in your Spring Boot application?
A: You autowire the ApplicationContext into your class. Then, you call applicationContext.getBeanDefinitionNames(), which returns an array of strings representing the names of all the beans registered in the context.
2. Microservices & Communication
Q: How would you handle inter-service communication in a microservice architecture?
A: * Direct/Synchronous: Use RestTemplate or WebClient for simple, two-way communication. For complex interactions with multiple services, use Feign Client to make the code cleaner.
- Asynchronous: When immediate responses are not necessary, use message brokers like RabbitMQ or Apache Kafka. This decouples the services, creating a flexible and robust communication system where services can publish and subscribe to events without waiting.
Q: Imagine you are interfacing with multiple external APIs. How would you handle API rate limits and failures?
A: I would implement a Circuit Breaker (like Resilience4j) to prevent cascading failures. I would use Rate Limiting to ensure I don't exceed the external API's allowed quotas. Additionally, I would add a retry mechanism with exponential backoff for temporary network glitches, and heavily utilize caching to reduce the total number of outbound requests.
Q: How do you manage externalized configuration and secure sensitive properties across microservices?
A: I would use Spring Cloud Config Server. It acts as a centralized repository (often backed by Git) that serves configurations to all microservices upon request. For sensitive settings like database passwords, I would integrate it with a secure vault (like HashiCorp Vault) or ensure the values are encrypted so they aren't exposed in plain text.
Q: How is Session Management handled in distributed systems?
A: Storing sessions in server memory fails in distributed systems because users might hit different servers via load balancers. I would use Spring Session to externalize session data to a shared storage location, like a Redis cache or a database. This ensures that no matter which server processes the request, the user's session remains consistent.
3. Performance Optimization & Caching
Q: Explain the caching mechanism in Spring Boot and how to implement it.
A: Caching acts as a memory layer to store the results of expensive operations (like heavy DB queries) so subsequent requests fetch data instantly.
Implementation: Add the spring-boot-starter-cache dependency. Use @EnableCaching on the main class. Annotate specific methods with @Cacheable. To manage the cache lifecycle, use @CacheEvict (to delete stale data) and @CachePut (to update). You can use providers like Redis or EhCache.
Q: What is the difference between Cache Eviction and Cache Expiration?
A: * Cache Eviction: Removing data to free up space based on a policy like LRU (Least Recently Used). It manages the size of the cache.
- Cache Expiration: Removing data because it is too old based on a Time-To-Live (TTL) setting. It ensures data freshness.
Q: If your application is taking too long to respond, what strategies would you use to optimize performance?
A: 1. Caching: Implement caching for frequently accessed, read-heavy data.
2. Database Tuning: Optimize queries, ensure proper indexing, and use connection pooling.
3. Asynchronous Tasks: Use @Async for non-critical operations (like sending emails) to unblock the main thread.
4. Load Balancing: Add more instances and a load balancer to distribute traffic.
5. WebFlux: For massively concurrent connections, rewrite endpoints using Spring WebFlux for non-blocking reactive processing.
4. Security & Authentication
Q: Explain the difference between Authentication and Authorization.
A: * Authentication: Verifies who you are (checking your identity via a username/password or token).
- Authorization: Verifies what you are allowed to do (checking permissions and roles to restrict access to specific endpoints or data).
Q: How would you secure a Spring Boot application using JSON Web Tokens (JWT)?
A: When a user logs in, the server generates a JWT containing user details/roles and signs it securely. This token is returned to the client. For all subsequent requests, the client sends this token in the HTTP header. The server intercepts the request, validates the token's signature, and grants access without needing to query the database for the user's session state. This makes the application highly scalable and stateless.
Q: How do you secure Actuator endpoints?
A: Actuator endpoints expose sensitive application health and metrics. To secure them:
- Limit exposure via properties so only necessary endpoints (like
/health) are accessible over the web. - Integrate Spring Security to require authentication to hit the actuator URLs.
- Restrict access using role-based checks (e.g., only users with the
ACTUATOR_ADMINrole). - Always serve this traffic over HTTPS.
5. Architecture, Deployment, & Reactive Programming
Q: How do you implement a "Soft Delete" feature in a Spring Boot application?
A: I would add a deleted boolean column (or a deleted_at timestamp) to the database entity. Instead of physically removing the record with a SQL DELETE, I would execute an UPDATE to flip the flag to true. In the repository layer, I would customize queries (or use Hibernate's @Where annotation) to automatically filter out records where deleted=true. This retains data for auditing while hiding it from the application.
Q: How do you resolve a "Whitelabel Error Page"?
A: The Whitelabel error page appears when a URL isn't mapped to a controller or an unhandled exception occurs. To resolve it:
- Verify controller
@RequestMappingpaths. - Create a custom HTML file named
error.htmlin thesrc/main/resources/public/errordirectory. - Implement a global exception handler using
@ControllerAdviceto catch errors and return structured, user-friendly JSON or custom views instead of the default page.
Q: How do you build a non-blocking reactive REST API handling high concurrent volumes?
A: I would use Spring WebFlux. Instead of returning standard objects, my controllers would return reactive types: Mono (for 0-1 item) or Flux (for multiple items). I would also use Reactive Repositories (like R2DBC) for database interaction. This entire stack uses an event-loop model, which handles massive concurrency using very few threads, ensuring the API remains highly responsive without blocking.
Q: What is Spring Boot DevTools?
A: It is a developer utility that makes coding faster. It automatically restarts the application context whenever code changes are saved (saving manual restart time) and triggers LiveReload in the browser when static resources (HTML/CSS) are updated.
Q: How do you deploy a Spring Boot application as a JAR vs. WAR?
A: * JAR: Spring Boot natively packages apps as executable JARs with embedded servers. You run mvn package and launch it with java -jar app.jar.
- WAR: To deploy to an external server (like a standalone Tomcat), you change the
<packaging>tag inpom.xmltowar, make the main class extendSpringBootServletInitializer, runmvn package, and place the resulting WAR file in the external server'swebappsfolder.