Spring Boot interviews test Java fundamentals alongside Spring-specific knowledge: dependency injection, REST API design, JPA/Hibernate, security, and production-readiness. Senior-level interviews also probe architectural decisions, performance considerations, and trade-offs. Here's a guide to the questions and depth of answers that will distinguish you in a Spring Boot interview.
Core Java Fundamentals You Must Know
"What is the difference between == and .equals() in Java?" == compares references โ it checks whether two variables point to the exact same object in memory. .equals() compares object content โ it checks whether two objects are logically equivalent. For String s1 = "hello"; String s2 = "hello";, s1 == s2 may be true because Java interns string literals, but s1 == new String("hello") is false. For all objects other than primitive types, you should use .equals() for content comparison. Classes should override .equals() (and hashCode() โ they must be consistent) when logical equality differs from reference equality.
"Explain Java's garbage collection." Java's garbage collector automatically reclaims memory from objects that are no longer reachable. The heap is divided into generations: Young generation (most objects are allocated here and collected frequently in minor GCs), Old generation (long-lived objects are promoted here and collected in major GCs), and Metaspace (class metadata). Modern GCs (G1GC default in Java 9+, ZGC for low-latency requirements) perform garbage collection concurrently with application threads to minimize stop-the-world pauses. Understanding GC is important for Spring Boot services: tuning heap sizes, identifying memory leaks through heap dump analysis, and choosing the right GC algorithm for your latency requirements.
Spring Boot Core Concepts
"What is Spring's IoC container and how does Dependency Injection work?" Inversion of Control (IoC) means the framework controls the flow of the program and the creation of objects, rather than your code doing it. In traditional Java, you'd write UserService service = new UserService(new UserRepository()). With Spring's DI, you declare the dependency in the class (@Autowired or constructor injection), and the Spring IoC container (ApplicationContext) creates and injects the dependency. Spring creates and manages the lifecycle of beans (Spring-managed components), wires them together based on their dependencies, and provides them wherever needed. Constructor injection is preferred over field injection because it makes dependencies explicit and enables easier testing.
"What is the difference between @Component, @Service, @Repository, and @Controller?" All four are specializations of @Component and make a class eligible for Spring's component scanning. The functional difference is semantic annotation (each communicates intent) and exception translation: @Repository tells Spring to translate persistence-layer exceptions into Spring's DataAccessException hierarchy. @Service indicates a business service. @Controller marks a web controller and is detected by @RequestMapping. Use the most specific annotation available โ it makes code more readable and enables future framework behavior attached to the specific stereotype.
REST API Design with Spring Boot
"How do you handle validation in a Spring Boot REST API?" Use JSR-303/380 Bean Validation annotations on your request DTO class: @NotNull, @NotBlank, @Email, @Size, @Min, @Max, @Pattern. Add @Valid to the method parameter in your controller. Spring automatically validates the request body and throws MethodArgumentNotValidException if validation fails. Create a @ControllerAdvice with an @ExceptionHandler for MethodArgumentNotValidException to return structured, user-friendly error responses with all validation errors collected. Custom validators can be created by implementing ConstraintValidator.
"Explain HTTP status codes and which ones are most important in REST APIs." The most important: 200 OK (successful GET/PUT), 201 Created (successful POST that creates a resource, with Location header), 204 No Content (successful DELETE or PUT with no response body), 400 Bad Request (malformed request or validation failure), 401 Unauthorized (not authenticated), 403 Forbidden (authenticated but not authorized), 404 Not Found (resource doesn't exist), 409 Conflict (state conflict โ duplicate creation), 422 Unprocessable Entity (valid syntax but semantic errors), 500 Internal Server Error (unexpected server failure). Using correct status codes is a sign of API maturity; many APIs return 200 for every response and bury errors in the body, which is incorrect.
JPA and Database Integration
"What is the N+1 query problem in JPA and how do you solve it?" The N+1 problem occurs with lazy-loaded associations: querying 100 orders executes 1 query for orders, then 100 additional queries (one per order) to load each order's customer. The solution is eager loading for the specific query using JOIN FETCH in JPQL: SELECT o FROM Order o JOIN FETCH o.customer WHERE o.status = :status. Entity Graph is another approach โ defining which associations to fetch on a per-query basis without changing the default fetch type. @BatchSize reduces N+1 from N+1 queries to a smaller number of batch queries. Never use FetchType.EAGER globally โ it loads associations everywhere, often expensively.
"What is the difference between @Transactional placed on a class vs. a method?" @Transactional on a class applies the transaction configuration to all public methods. On an individual method, it applies (or overrides the class-level annotation) for that specific method. Important nuances: Spring's transaction proxy only intercepts calls made through the proxy โ a class calling its own @Transactional method internally bypasses the proxy and the transaction. Transaction propagation (REQUIRED, REQUIRES_NEW, MANDATORY, etc.) controls how a transactional method behaves when called within an existing transaction context.
Security and Production Readiness
"How do you secure a Spring Boot REST API with JWT?" Add Spring Security. Create a JwtAuthenticationFilter that extends OncePerRequestFilter: extract the JWT from the Authorization header, validate its signature and expiration using a JWT library (JJWT or auth0/java-jwt), extract the user details, and set the authentication in the SecurityContext. Configure the SecurityFilterChain to use stateless session management (SessionCreationPolicy.STATELESS), add your JWT filter before UsernamePasswordAuthenticationFilter, and define which paths are public versus secured. The login endpoint validates credentials and issues the JWT; subsequent requests include the JWT for validation.
"What is Spring Boot Actuator and why is it important in production?" Spring Boot Actuator exposes operational endpoints for monitoring and managing a Spring Boot application. Key endpoints: /health (application health status, including database and dependency health), /metrics (performance metrics โ request counts, response times, JVM memory, GC statistics), /info (application information), /env (environment properties), /beans (all registered beans). In production, these endpoints integrate with monitoring systems like Prometheus/Grafana and health check systems. Secure actuator endpoints appropriately โ they expose internal application information that shouldn't be public. Actuator is the foundation of production observability for Spring Boot applications.