https://devops-monk.com/categories/spring-boot/Recent content in Spring Boot on Devops MonkHugoen-usSun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-kafka-transactional-outbox/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-kafka-transactional-outbox/Publishing an event to Kafka after saving to the database looks simple. It has a subtle, dangerous flaw: if the Kafka publish fails after the DB commit, or the app crashes between the two, your event is lost and your data is inconsistent. The Transactional Outbox Pattern solves this by writing the event to the database in the same transaction as the business data, then publishing to Kafka separately. This guide covers the pattern, the implementation, and idempotent consumers.https://devops-monk.com/2026/05/spring-boot-graalvm-native-images/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-graalvm-native-images/Spring Boot applications running as GraalVM native images start in milliseconds, use a fraction of the memory, and fit in tiny containers. The tradeoff is a longer build time. In 2026, with Spring Boot 4 and GraalVM 24, native images are production-ready for most Spring applications. This guide covers everything: what Spring AOT does, how to build your first native image, how to fix the common issues, and how to add native builds to CI.https://devops-monk.com/2026/05/spring-boot-auto-configuration-deep-dive/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-auto-configuration-deep-dive/“Spring Boot is magic” is something you hear a lot. Add spring-boot-starter-data-jpa and suddenly you have a working DataSource, a JpaTransactionManager, and a LocalContainerEntityManagerFactoryBean — without writing a single @Bean method. Understanding how this actually works turns the magic into a tool you can control, debug, and extend. The Entry Point: @EnableAutoConfiguration @SpringBootApplication is a shorthand for three annotations: @Configuration @EnableAutoConfiguration // this is the one that matters here @ComponentScan public class MyApplication { public static void main(String[] args) { SpringApplication.https://devops-monk.com/2026/05/spring-boot-owasp-security/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-owasp-security/The OWASP Top 10 lists the most critical web application security risks. Spring Boot apps have their own common failure patterns: exposed Actuator endpoints, secrets in properties files, SQL built from string concatenation, and Spring Security misconfiguration. This guide covers the vulnerabilities that actually appear in Spring Boot applications and how to fix each one. 1. SQL Injection SQL injection remains one of the most critical vulnerabilities. It allows attackers to manipulate database queries.https://devops-monk.com/2026/05/spring-ai-rag-application/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-ai-rag-application/Spring AI 1.0 GA shipped in May 2025. It brings the Spring programming model to AI development: a unified ChatClient API that works across Claude, OpenAI, Gemini, Ollama, and Azure OpenAI — switching AI providers is changing one dependency. This guide builds a complete RAG (Retrieval-Augmented Generation) application that answers questions about your documentation using any AI provider. What Is RAG? A large language model (LLM) knows everything in its training data but nothing about your specific documents, code, or business data.https://devops-monk.com/2026/05/spring-boot-migration-guide/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-migration-guide/Many teams are still running Spring Boot 2.7.x. Spring Boot 2.x reached end of life in November 2023, which means no more security patches. The jump to 4.0 is two generations, and the breaking changes are real — but they are also well-documented and mostly automatable. This guide walks through the migration in stages: 2.x → 3.0 first, then 3.x incremental updates, then 4.0. Each section lists what breaks and how to fix it.https://devops-monk.com/2026/05/spring-boot-4-complete-guide/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-4-complete-guide/Spring Boot 4.0 was released on November 20, 2025. It is built on Spring Framework 7 and represents the most significant shift in the Spring ecosystem since the Jakarta EE migration in Spring Boot 3. The headline change is full modularisation — the single spring-boot-autoconfigure JAR has been split into 70+ granular modules. But that is just the start. This guide covers every change that matters, what breaks on upgrade, and what is genuinely new and useful.https://devops-monk.com/2026/05/spring-boot-actuator-prometheus-grafana/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-actuator-prometheus-grafana/Spring Boot Actuator exposes production-ready operational endpoints — health checks, metrics, environment info, thread dumps — out of the box. Combined with Prometheus and Grafana, you get a full monitoring stack with minimal configuration. This guide covers everything from initial setup to Kubernetes health probes, custom metrics, and securing your management endpoints. Setup Dependencies <dependencies> <!-- Actuator --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <!-- Micrometer Prometheus registry --> <dependency> <groupId>io.micrometer</groupId> <artifactId>micrometer-registry-prometheus</artifactId> <scope>runtime</scope> </dependency> </dependencies> Basic configuration # application.https://devops-monk.com/2026/05/spring-boot-caching-caffeine-redis/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-caching-caffeine-redis/Caching reduces database load and response latency. Spring Boot’s cache abstraction lets you add caching with annotations, then swap the implementation (Caffeine, Redis, multi-level) without changing your business code. This guide covers Caffeine for in-JVM caching, Redis for distributed caching, and a multi-level cache that combines both. Spring Cache Abstraction Spring’s cache abstraction uses three annotations: Annotation Behaviour @Cacheable Cache the return value. On subsequent calls, return from cache without executing the method.https://devops-monk.com/2026/05/spring-boot-docker-guide/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-docker-guide/There are three ways to containerise a Spring Boot application: a naive single-stage Dockerfile, a proper multi-stage Dockerfile with layered JARs, and Cloud Native Buildpacks. Each has different tradeoffs in build speed, image size, and maintenance overhead. This guide covers all three approaches, explains why layered JARs matter for CI/CD speed, and shows how to produce small, secure, production-ready images. The Problem with the Naive Dockerfile Most tutorials show this:https://devops-monk.com/2026/05/spring-boot-observability-stack/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-observability-stack/Observability means you can answer “what is wrong and why” from your system’s outputs alone — without adding new instrumentation after an incident. It requires three types of data: metrics (what happened), traces (why it happened), and logs (the details). Spring Boot 4 ships a single OpenTelemetry starter that covers all three. This guide shows how to wire up the complete observability stack: Prometheus + Grafana for metrics, Grafana Tempo for distributed tracing, and Grafana Loki for logs.https://devops-monk.com/2026/05/spring-boot-jpa-performance/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-jpa-performance/JPA makes database access simple. It also makes it dangerously easy to write code that fires 100 SQL queries to load 10 records. The N+1 problem alone has caused more production performance incidents than almost any other JPA issue. This guide covers how to find and fix the five most common JPA performance problems: N+1 queries, LazyInitializationException, over-fetching, poor connection pool sizing, and Hibernate 6 breaking changes. Enable SQL Logging First Before optimizing anything, see exactly what queries are firing:https://devops-monk.com/2026/05/spring-boot-microservices-full-stack/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-microservices-full-stack/Building microservices requires more than splitting a monolith into services. You need service discovery, a gateway to route traffic, centralised configuration management, and resilience patterns to handle inevitable failures. Spring Cloud provides all of this as a cohesive stack. This guide builds a complete microservices architecture from scratch: Eureka for service discovery, Spring Cloud Gateway for routing, Spring Cloud Config Server for centralised config, and Resilience4j for circuit breakers and retry.https://devops-monk.com/2026/05/spring-boot-oauth2-jwt-security/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-oauth2-jwt-security/Zero-trust API security means every request is validated independently — no session state, no “trusted network” assumptions. A JWT bearer token is issued by an authorisation server, signed cryptographically, and validated on every API call. The API never calls back to the authorisation server during validation; it verifies the token’s signature locally. This guide covers the complete setup: dependencies, resource server configuration, token validation (both symmetric and asymmetric), extracting claims, role-based access control, method-level security, and the Spring Security 7 changes that break existing setups.https://devops-monk.com/2026/05/spring-boot-kubernetes-guide/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-kubernetes-guide/Running Spring Boot on Kubernetes is not just packaging the app in a container and deploying it. You need to configure health probes correctly, handle graceful shutdown so in-flight requests don’t get dropped, manage configuration without baking secrets into images, and make sure the JVM respects container memory limits. This guide covers the production-critical Kubernetes configuration for Spring Boot applications. Health Probes Kubernetes uses three probe types to manage pod lifecycle:https://devops-monk.com/2026/05/spring-boot-testcontainers/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-testcontainers/Testcontainers spins up real Docker containers for your tests — a real PostgreSQL database, a real Redis, a real Kafka broker. No more mocking JDBC connections or in-memory H2 databases that behave differently from production. Spring Boot 3.1 added @ServiceConnection, which removes the boilerplate of configuring connection URLs manually. This guide covers the right patterns for fast, reliable integration tests with Testcontainers. Why Testcontainers Over H2 Teams use H2 in-memory databases for testing because it’s fast.https://devops-monk.com/2026/05/spring-boot-virtual-threads/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-virtual-threads/Virtual Threads landed in Java 21 as a stable feature, and Spring Boot 3.2 added first-class support with a single property. The promise: write simple blocking code and get WebFlux-level throughput. The reality is mostly true — with some important exceptions. This article covers what Virtual Threads actually are, how to enable them in Spring Boot, real benchmark numbers, the three pitfalls that will silently destroy your performance, and a decision framework for when to use them (and when not to).https://devops-monk.com/2026/05/spring-boot-vs-quarkus/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-vs-quarkus/Every year, someone asks: “Should we use Spring Boot or Quarkus?” In 2026, both frameworks are mature, both run natively, and both work well on Kubernetes. The differences come down to developer experience, ecosystem size, and specific performance characteristics. This is an honest comparison with real numbers, not marketing claims. The Frameworks at a Glance Spring Boot 4 (November 2025): Built on Spring Framework 7. The de-facto standard for enterprise Java.https://devops-monk.com/2026/05/spring-modulith-guide/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-modulith-guide/Microservices solve real problems: independent deployability, team autonomy, technology flexibility. They also create real problems: distributed transactions, network latency, operational complexity. Many teams split into microservices too early, before they understand their domain well enough to draw stable boundaries. Spring Modulith gives you module boundaries, enforced isolation, and event-driven decoupling inside a single deployable JAR. It’s the pragmatic middle ground. The Modular Monolith Problem It Solves A typical Spring Boot monolith looks like this after a year:https://devops-monk.com/2026/05/spring-boot-interview-questions/Sun, 03 May 2026 00:00:00 +0000https://devops-monk.com/2026/05/spring-boot-interview-questions/These are the questions that actually come up in Spring Boot interviews — at startups, scale-ups, and large enterprises. Each answer explains the concept clearly, with the level of depth an interviewer expects from a mid-level or senior developer. Questions are grouped by topic. For junior roles, focus on sections 1–3. For senior roles, everything here is fair game. Section 1: Core Fundamentals Q1. What is the difference between Spring and Spring Boot?