So you've got a Spring Boot interview coming up? First off, don't panic. I've been through this myself – sweaty palms and all – when prepping for my Java backend roles. These days, you can't swing a cat in the Java world without hitting Spring Boot questions. They're everywhere. Let me save you some headaches by sharing what actually matters.
See, most articles just throw random questions at you. Not helpful when you're cramming at midnight. What you need is context: why do they ask this stuff? How do real teams use these features? That gap is what we'll fix here.
Core Concepts Interviewers Obsess Over
Look, if you don't understand these foundations, no amount of memorization will save you. I've seen candidates crash and burn here repeatedly.
What exactly is Spring Boot, and why should we care?
Spring Boot's essentially your lazy developer best friend. Remember the old XML configuration hell? Boot kills that. It's all about convention over configuration. You get sensible defaults so you can focus on business logic instead of plumbing code. Companies love it because projects launch faster – I've seen teams cut setup time by 70% using starters.
How's it different from plain Spring Framework?
Spring Boot sits on top of Spring Framework like a turbocharger. While Spring gives you components, Boot adds:
- Auto-configuration (no more manual bean setups)
- Embedded servers (Tomcat/Jetty out the box)
- Opinionated starter POMs (dependency management that actually works)
- Production-ready features like metrics and health checks
Last year, I migrated a legacy Spring app to Boot. The config files alone shrunk from 1,200 lines to 200. Magic.
| Feature | Spring Framework | Spring Boot |
|---|---|---|
| Configuration | Manual XML/Java config | Auto-configuration magic |
| Server Setup | Requires external deployment | Embedded Tomcat/Jetty |
| Dependency Mgmt | Manual version resolution | Starter POMs with curated versions |
| Production Monitoring | Requires additional setup | Actuator endpoints included |
Auto-Configuration: The Secret Sauce
This is where most interviews get technical. Auto-configuration feels like wizardry – until it breaks. Interviewers love asking:
How does Spring Boot decide what to configure automatically?
It’s all about conditional beans. Boot scans your classpath and says: "Hey, I see H2 in dependencies? Must be testing mode". It checks:
- What libraries you included (
@ConditionalOnClass) - Whether you defined your own beans (
@ConditionalOnMissingBean) - Your environment properties (
@ConditionalOnProperty)
Once at a fintech startup, auto-configuration broke because someone added Redis JAR accidentally. Took us two days to debug. Lesson: understand the magic.
Starter Dependencies: The Good and Bad
Starters simplify dependency hell but come with pitfalls. Expect questions like:
What happens when you include spring-boot-starter-web?
You're basically pulling in an entire universe:
- Embedded Tomcat (default server)
- Spring MVC (for web layers)
- Jackson (JSON serialization)
- Validation API
- Logback logging
The dark side? Dependency creep. I’ve seen bloated WAR files because teams didn’t realize starters bundle optional libraries.
| Starter | What It Adds | Common Use Cases |
|---|---|---|
| spring-boot-starter-data-jpa | Hibernate, Spring Data JPA, connection pooling | Database-heavy apps |
| spring-boot-starter-security | Spring Security, authentication filters | Apps needing login/auth |
| spring-boot-starter-test | JUnit, Mockito, Spring Test | Unit & integration tests |
| spring-boot-starter-actuator | Health checks, metrics, endpoints | Production monitoring |
Honestly, some starters are overkill. For microservices, I often cherry-pick dependencies instead.
Configuration Deep Dive
This trips up mid-level developers constantly. Let's demystify it.
application.properties vs application.yml – which is better?
Personal rant: I hate YAML. Indentation errors ruin lives. But technically:
- .properties: Simpler, harder to mess up
- .yml: Supports hierarchies (great for complex setups)
Interviewers care about hierarchical binding. For example, in YAML:
server:
port: 8080
tomcat:
max-threads: 200
Versus flat properties: server.port=8080, server.tomcat.max-threads=200
Profiles: More Than Just dev vs prod
Everyone knows basic profiles. But interviewers dig deeper:
How would you implement a multi-region deployment profile?
Beyond dev/prod, create profiles like us-east, eu-central. In code:
@Configuration
@Profile("us-east")
public class USConfig {
// AWS specific beans
}
Then activate via: spring.profiles.active=us-east,cloud
At my last gig, we used this for region-specific API keys. Works like a charm.
Data Access Patterns That Actually Matter
Database questions separate juniors from seniors. Focus on practicalities.
Compare Spring Data JPA repositories vs raw JDBC templates
JPA repositories are great for CRUD:
- Automatic queries from method names
- Pagination/sorting out-of-box
- But... N+1 problems everywhere
JDBC Template gives control:
- Handcrafted SQL for complex joins
- Better performance in bulk ops
- Steeper learning curve
I default to JPA but drop to JDBC Template for reporting queries. Hybrid approach wins.
| Method Signature | Generated SQL |
|---|---|
findByLastName(String name) |
WHERE last_name = ? |
findByAgeGreaterThan(int age) |
WHERE age > ? |
findByStatusOrderByCreatedDesc(Status status) |
WHERE status = ? ORDER BY created DESC |
Transaction Pitfalls Nobody Talks About
Gotcha question incoming:
Why did my @Transactional method not roll back despite throwing exception?
Classic! Two culprits:
- Checked exceptions: By default, Spring rolls back only on unchecked exceptions. Fix:
@Transactional(rollbackFor = IOException.class) - Self-invocation: Calling method within same class bypasses proxy. Fix: Use AspectJ weaving or externalize call
I debugged this once where a payment service didn't rollback. The client was furious. Learn from my pain.
Security Interview Questions That Stump People
Security questions reveal real experience. Prepare for curveballs.
How would you implement JWT authentication in Spring Boot?
Step-by-step:
- Add
spring-boot-starter-security - Create JwtUtil class for token generation/parsing
- Extend OncePerRequestFilter to validate tokens
- Configure WebSecurityConfigurerAdapter:
@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .addFilterBefore(jwtFilter(), UsernamePasswordAuthenticationFilter.class) .authorizeRequests() .antMatchers("/login").permitAll() .anyRequest().authenticated(); } }
Tip: Never store unencrypted secrets in properties files. Use environment variables.
OAuth2 Complexity Demystified
When they ask OAuth questions, they're testing architecture sense.
Explain authorization code flow vs client credentials flow
Authorization Code Flow:
- For user logins (web apps)
- Redirects to auth provider (Google/GitHub)
- Gets code, exchanges for token
- Machine-to-machine (microservices)
- Uses client ID/secret directly
- No user involvement
I prefer client creds for service-to-service calls. Fewer moving parts.
Testing Traps and Triumphs
Testing questions expose candidates who only write happy-path code.
How do you test a Spring Boot REST controller?
Two main approaches:
- @WebMvcTest: Slices only web layer. Faster. Use for controller logic:
@WebMvcTest(UserController.class) public class UserControllerTest { @Autowired MockMvc mvc; @Test void returns404ForInvalidUser() throws Exception { mvc.perform(get("/users/999")) .andExpect(status().isNotFound()); } } - @SpringBootTest: Full context startup. Better for integration tests but slower.
Pro tip: Avoid full context tests when possible. They're slow and fragile.
Mocking Done Right
This question filters juniors:
When would you use @MockBean vs @Mock?
- @Mock (Mockito): Plain mock for unit tests without Spring
- @MockBean (Spring Boot): Replaces/injects mock into Spring context
Translation: Use @Mock in plain unit tests. Use @MockBean when testing Spring components needing mocked dependencies.
I once spent hours debugging because someone used @Mock instead of @MockBean in an integration test. Don't be that person.
Production-Ready Concerns
Senior roles always cover operations. Actuator is your Swiss Army knife.
What Actuator endpoints would you expose publicly?
Never expose all endpoints! Sensible defaults:
/health: Liveness/readiness probes/info: Build version details/metrics: Performance counters (behind auth)- Block: env, beans, configmaps (security risks!)
Configure in application.properties:
management.endpoints.web.exposure.include=health,info management.endpoint.health.show-details=when_authorized
| Endpoint | Purpose | Security Risk Level |
|---|---|---|
| /health | App health status | Low (expose publicly) |
| /env | Shows ALL configuration | High (never expose) |
| /beans | Lists all Spring beans | Medium (debug only) |
| /mappings | API endpoint routes | Low |
Deployment Dilemmas Solved
Deployment questions reveal if you've shipped real products.
JAR vs WAR packaging: When to use each?
- JAR (executable): Default. Contains embedded server. Run via
java -jar app.jar. Perfect for microservices. - WAR: Deploys to external servers like Tomcat. Use ONLY for legacy environments or shared hosting.
Fun fact: I once converted a 2GB WAR to executable JAR. Startup time dropped from 4 minutes to 25 seconds.
Docker Best Practices
If you mention Docker, brace for follow-ups:
How do you optimize Spring Boot Docker builds?
Layer caching is key:
# Stage 1: Build with Maven FROM maven:3-jdk-11 AS build COPY pom.xml . RUN mvn dependency:go-offline COPY src/ ./src/ RUN mvn package # Stage 2: Slim runtime FROM openjdk:11-jre-slim COPY --from=build /target/app.jar /app.jar ENTRYPOINT ["java","-jar","/app.jar"]
Notice the dependency caching? That trick saved my CI pipeline 8 minutes per build.
Advanced Curveball Questions
For senior roles, expect these mind-benders:
How would you troubleshoot a memory leak in a Spring Boot app?
- Check Actuator
/heapdump(download HPROF file) - Analyze in Eclipse MAT or VisualVM
- Suspects: Caching libraries (Ehcache), thread locals, poor session cleanup
- Enable GC logging:
-Xlog:gc*:file=gc.log
Last production fire I fought? Leaking MongoDB connection pool. Never again.
Pro Tip: Always ask interviewers about THEIR Spring Boot challenges. Shows engagement and often reveals what they truly care about.
FAQ: Burning Spring Boot Interview Questions
What are the most common Spring Boot interview questions?
- Auto-configuration internals
- Starter dependencies vs manual setup
- Profiles and configuration hierarchy
- Spring Boot Actuator usage
- Testing strategies for controllers/services
How to handle version conflicts in starters?
Override in pom.xml:
Check effective dependencies with:com.fasterxml.jackson.core jackson-databind 2.12.3
mvn dependency:tree
How to disable default Spring Boot security?
@SpringBootApplication(exclude = {
SecurityAutoConfiguration.class
})
But really – don't. Secure your apps properly.
Look, acing Spring Boot interview questions isn't about memorization. It's about connecting concepts to real scars. When they ask about starters, talk about dependency bloat you've fixed. When they mention auto-configuration, share debugging war stories. That authenticity beats scripted answers anytime.
Go build something gnarly with Boot. Nothing prepares you like breaking stuff.