Spring Boot Interview Questions: Core Concepts Explained With Depth
Spring Boot has become the default way Java teams build microservices, REST APIs, and enterprise applications. Nearly every Java backend role posted today lists it as a requirement, which means it dominates the technical interview circuit. But here's the problem: most candidates memorise a list of annotations and definitions without understanding the underlying mechanics — and senior interviewers can tell within the first two minutes.
The framework exists to solve a very real pain point. Classic Spring required massive XML configuration files and a deep understanding of every wired dependency before you could even serve a 'Hello World' response. Spring Boot introduced auto-configuration, an embedded server, and opinionated defaults so that a production-ready app can go from zero to running in under five minutes. Understanding why those design decisions were made tells you everything about how to use the framework correctly.
By the end of this article you'll be able to answer the questions interviewers actually ask — not just 'what is @SpringBootApplication' but 'what does it actually do under the hood', 'how does auto-configuration decide what to wire', and 'how would you override a default when the default is wrong for your use-case'. You'll also have battle-tested code examples you can run locally to cement each concept before your interview.
What Is Spring Boot Auto-Configuration and How Does It Actually Work?
Auto-configuration is the heart of Spring Boot and the most misunderstood concept in interviews. Candidates say 'Spring Boot configures itself automatically' — but that's like saying a plane 'flies itself'. True, but it doesn't explain the mechanism, and the mechanism is what gets you hired.
When your application starts, Spring Boot scans a file called spring.factories (or AutoConfiguration.imports in Spring Boot 3+) located inside the spring-boot-autoconfigure JAR. This file lists hundreds of candidate configuration classes. Each one is annotated with @ConditionalOn* annotations — guards that say 'only activate me if certain conditions are true'. For example, DataSourceAutoConfiguration only fires if a JDBC driver class is on the classpath AND no DataSource bean is already defined.
This conditional-first design is the key insight. Auto-configuration never overrides what you explicitly define — it only fills gaps. If you define your own DataSource bean, the auto-configured one steps aside completely. This 'convention over configuration' principle lets you start fast and customise surgically when needed.
In interviews, the follow-up question is always: 'How would you debug why a particular auto-configuration isn't being applied?' The answer is running the app with --debug flag or setting logging.level.org.springframework.boot.autoconfigure=DEBUG, which prints the full auto-configuration report.
// ============================================================ // HOW AUTO-CONFIGURATION WORKS — A MINIMAL REPRODUCIBLE EXAMPLE // Run with: mvn spring-boot:run -Ddebug // Look for 'CONDITIONS EVALUATION REPORT' in the console output // ============================================================ package io.thecodeforge.autoconfigdemo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.jdbc.core.JdbcTemplate; @SpringBootApplication // @SpringBootApplication is shorthand for THREE annotations: // 1. @Configuration — this class is a source of bean definitions // 2. @EnableAutoConfiguration — scan spring.factories and apply conditional config // 3. @ComponentScan — find @Component, @Service, @Repository in this package public class AutoConfigurationDemo { public static void main(String[] args) { ConfigurableApplicationContext context = SpringApplication.run(AutoConfigurationDemo.class, args); // H2 in-memory database is on the classpath (via pom.xml) // Spring Boot auto-configured a DataSource AND a JdbcTemplate // — we never wrote a single line of DataSource config JdbcTemplate jdbcTemplate = context.getBean(JdbcTemplate.class); // Create a simple table and insert a row to prove the DB is live jdbcTemplate.execute("CREATE TABLE product (id INT, name VARCHAR(50))"); jdbcTemplate.update("INSERT INTO product VALUES (1, 'Wireless Keyboard')"); // Query back the row — auto-configured DataSource handles the connection String productName = jdbcTemplate.queryForObject( "SELECT name FROM product WHERE id = ?", String.class, 1 ); System.out.println("Auto-configured DB returned: " + productName); // OUTPUT: Auto-configured DB returned: Wireless Keyboard // Now check: if you define your OWN DataSource bean in this class, // DataSourceAutoConfiguration backs off and yours is used instead. context.close(); } } // ============================================================ // pom.xml dependencies needed for this demo: // <dependency> // <groupId>org.springframework.boot</groupId> // <artifactId>spring-boot-starter-jdbc</artifactId> // </dependency> // <dependency> // <groupId>com.h2database</groupId> // <artifactId>h2</artifactId> // <scope>runtime</scope> // </dependency> // ============================================================
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
[main] DataSourceAutoConfiguration matched:
- @ConditionalOnClass found required classes 'DataSource', 'EmbeddedDatabaseType'
- @ConditionalOnMissingBean no beans of type 'DataSource' found
Auto-configured DB returned: Wireless Keyboard
Spring Boot Beans, Scopes, and Dependency Injection — The Questions That Trip People Up
Dependency Injection (DI) is the backbone of every Spring Boot application, and interviewers love probing it because it's an area where surface-level knowledge collapses fast under follow-up questions.
A 'bean' is simply an object whose lifecycle Spring manages. You declare one with @Component, @Service, @Repository, or @Bean inside a @Configuration class. Spring's IoC (Inversion of Control) container creates it, injects its dependencies, and destroys it — you never call new on it directly. The 'inversion' is that your code no longer controls object creation; Spring does.
The three injection styles you must know are constructor injection, setter injection, and field injection. Constructor injection is the right default — it makes dependencies explicit, enables immutability with final fields, and makes classes trivially unit-testable without a Spring context. Field injection (@Autowired on a field) looks clean but hides dependencies and breaks unit testing without a Spring container running.
Bean scope controls how many instances Spring creates. The default — singleton — means one shared instance per Spring context. prototype means a fresh instance every time the bean is requested. The tricky scope interviewers love is request and session (web-only), where a new instance is created per HTTP request or user session. The classic trap: injecting a prototype bean into a singleton bean. The singleton gets created once, so it captures a single prototype instance — effectively making it a singleton too. The fix is using ObjectProvider or @Lookup.
// ============================================================ // DEPENDENCY INJECTION — THE RIGHT WAY VS THE WRONG WAY // This shows constructor injection (correct) vs field injection (avoid) // ============================================================ package io.thecodeforge.dipatterns; import org.springframework.stereotype.Service; import org.springframework.stereotype.Repository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; // ---- REPOSITORY LAYER ---- @Repository // Specialisation of @Component — also enables exception translation public class OrderRepository { public String findOrderById(Long orderId) { // In real life this hits a database; here we simulate it return "Order #" + orderId + " [Wireless Keyboard x2]"; } } // ---- WRONG WAY: Field injection ---- // @Service // public class BadOrderService { // @Autowired // Hidden dependency — can't unit test without Spring context // private OrderRepository orderRepository; // } // ---- RIGHT WAY: Constructor injection ---- @Service // Specialisation of @Component — signals this holds business logic public class OrderService { // 'final' enforces that this dependency can never be swapped out after construction // This is IMPOSSIBLE with field injection — a major safety advantage private final OrderRepository orderRepository; // Spring detects a single constructor and injects automatically (no @Autowired needed in Spring 4.3+) public OrderService(OrderRepository orderRepository) { this.orderRepository = orderRepository; } public String getOrderDetails(Long orderId) { return orderRepository.findOrderById(orderId); } } // ---- SCOPE DEMO ---- // Each call to context.getBean(AuditToken.class) returns a FRESH instance @Component @Scope("prototype") // Default is 'singleton' — override here for new-instance-per-request public class AuditToken { private final long createdAt = System.currentTimeMillis(); public long getCreatedAt() { return createdAt; } } // ---- HOW TO TEST OrderService WITHOUT SPRING ---- // This is WHY constructor injection wins: // // class OrderServiceTest { // @Test // void shouldReturnOrderDetails() { // OrderRepository mockRepo = Mockito.mock(OrderRepository.class); // Mockito.when(mockRepo.findOrderById(42L)).thenReturn("Order #42 [Monitor]"); // // OrderService service = new OrderService(mockRepo); // No Spring needed! // assertEquals("Order #42 [Monitor]", service.getOrderDetails(42L)); // } // }
Order #42 [Monitor]
// Prototype scope demo output:
AuditToken 1 createdAt: 1718000000000
AuditToken 2 createdAt: 1718000000001
// Different timestamps prove two separate instances were created
Spring Boot REST APIs — Annotations, Response Handling, and Exception Strategy
Building REST APIs is the most common Spring Boot use case, and interviewers test whether you understand the full request-response lifecycle — not just that @GetMapping exists.
The controller layer is where HTTP meets your application logic. @RestController is a shortcut for @Controller + @ResponseBody, which means every method's return value is serialised directly to the HTTP response body (usually as JSON via Jackson). Without @ResponseBody, Spring would try to resolve the return value as a view name — which is correct for server-side rendering but wrong for REST APIs.
ResponseEntity gives you full control over the HTTP response: body, status code, and headers. Returning a plain object gives you a 200 OK with the object as the body, which is fine for the happy path. But for error cases, partial results, or custom headers (like Location after a POST), ResponseEntity is essential.
Exception handling done right uses @ControllerAdvice — a single class that intercepts exceptions from all controllers globally. This keeps controllers clean of try/catch blocks and centralises your error response format. The anti-pattern is handling exceptions inside each controller method with try/catch — it's repetitive, inconsistent, and breaks the Single Responsibility Principle.
@ExceptionHandler inside @ControllerAdvice maps a specific exception type to a response. Every production app should have one, returning a consistent error envelope (timestamp, status, message, path) that API consumers can reliably parse.
// ============================================================ // PRODUCTION-STYLE REST CONTROLLER WITH GLOBAL EXCEPTION HANDLING // Shows @RestController, ResponseEntity, @ControllerAdvice pattern // ============================================================ package io.thecodeforge.restdemo; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import org.springframework.web.context.request.WebRequest; import java.time.Instant; import java.util.HashMap; import java.util.Map; // ---- CUSTOM EXCEPTION ---- class ProductNotFoundException extends RuntimeException { private final Long productId; public ProductNotFoundException(Long productId) { super("Product not found with id: " + productId); this.productId = productId; } public Long getProductId() { return productId; } } // ---- SIMPLE DTO ---- record ProductResponse(Long id, String name, double priceGbp) {} // ---- CONTROLLER ---- @RestController // = @Controller + @ResponseBody — return values go to response body, not a view @RequestMapping("/api/v1/products") // Base path for all methods in this controller public class ProductController { // GET /api/v1/products/42 @GetMapping("/{productId}") public ResponseEntity<ProductResponse> getProduct(@PathVariable Long productId) { // Simulate a database lookup — throw domain exception if not found if (productId != 1L) { throw new ProductNotFoundException(productId); // Caught by @ControllerAdvice below } ProductResponse product = new ProductResponse(1L, "Wireless Keyboard", 49.99); // ResponseEntity lets us control status code AND headers, not just the body return ResponseEntity.ok(product); // 200 OK + JSON body } // POST /api/v1/products — returns 201 Created with Location header @PostMapping public ResponseEntity<ProductResponse> createProduct(@RequestBody ProductResponse newProduct) { // In real life: save to DB, get generated ID back ProductResponse saved = new ProductResponse(99L, newProduct.name(), newProduct.priceGbp()); return ResponseEntity .status(HttpStatus.CREATED) // 201, not 200 .header("Location", "/api/v1/products/" + saved.id()) // Tell client where the new resource lives .body(saved); } } // ---- GLOBAL EXCEPTION HANDLER ---- @RestControllerAdvice // = @ControllerAdvice + @ResponseBody — intercepts ALL controllers class GlobalExceptionHandler { // Maps ProductNotFoundException to a 404 response with a structured error body @ExceptionHandler(ProductNotFoundException.class) public ResponseEntity<Map<String, Object>> handleProductNotFound( ProductNotFoundException ex, WebRequest request) { // Consistent error envelope — every client gets the same predictable shape Map<String, Object> errorBody = new HashMap<>(); errorBody.put("timestamp", Instant.now().toString()); errorBody.put("status", 404); errorBody.put("error", "Not Found"); errorBody.put("message", ex.getMessage()); errorBody.put("path", request.getDescription(false).replace("uri=", "")); return ResponseEntity.status(HttpStatus.NOT_FOUND).body(errorBody); } // Catch-all for anything we didn't anticipate — never expose stack traces to clients @ExceptionHandler(Exception.class) public ResponseEntity<Map<String, Object>> handleGenericException(Exception ex) { Map<String, Object> errorBody = new HashMap<>(); errorBody.put("timestamp", Instant.now().toString()); errorBody.put("status", 500); errorBody.put("error", "Internal Server Error"); errorBody.put("message", "An unexpected error occurred"); // Never expose ex.getMessage() here return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(errorBody); } }
{
"id": 1,
"name": "Wireless Keyboard",
"priceGbp": 49.99
}
// GET /api/v1/products/99 → 404 Not Found
{
"timestamp": "2024-06-10T14:32:01.123Z",
"status": 404,
"error": "Not Found",
"message": "Product not found with id: 99",
"path": "/api/v1/products/99"
}
// POST /api/v1/products → 201 Created
// Location header: /api/v1/products/99
{
"id": 99,
"name": "Mechanical Mouse",
"priceGbp": 34.99
}
Spring Boot Configuration, Profiles, and Externalized Properties — What Interviewers Really Want to Know
Configuration management is where junior and senior engineers visibly diverge. Juniors hardcode database URLs. Seniors use profiles, property files, and environment variables in the right order of precedence.
Spring Boot's application.properties (or application.yml) is the first place configuration lives. Any value there can be injected with @Value("${property.key}") or — better for groups of related config — @ConfigurationProperties(prefix = "..."). The @ConfigurationProperties approach binds an entire block of properties to a typed Java class, giving you validation, IDE autocomplete, and a single source of truth.
Profiles solve the 'different config per environment' problem. application-dev.properties activates only when the dev profile is active. application-prod.properties activates in production. You switch profiles with spring.profiles.active=prod — via an environment variable, JVM argument, or property file. The critical rule: never put secrets (passwords, API keys) in property files that get committed to source control. Use environment variables or a secrets manager like AWS Secrets Manager or HashiCorp Vault, which Spring Cloud Config integrates with natively.
The Spring Boot property source precedence order is something interviewers test explicitly: environment variables beat application.properties, which beats @PropertySource defaults. Knowing the order means you can diagnose 'why is my app using the wrong database URL in production' in under a minute.
// ============================================================ // @ConfigurationProperties — THE PRODUCTION-GRADE CONFIG PATTERN // Binds a whole block of properties to a strongly-typed class // ============================================================ package io.thecodeforge.configdemo; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.context.properties.bind.DefaultValue; import org.springframework.context.annotation.Profile; import org.springframework.stereotype.Component; import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.Positive; // Maps all properties with prefix 'payment.gateway' to this class // application-dev.properties → payment.gateway.url=https://sandbox.pay.example.com // application-prod.properties → payment.gateway.url=https://api.pay.example.com @ConfigurationProperties(prefix = "payment.gateway") public class PaymentGatewayConfig { @NotBlank(message = "Payment gateway URL must not be blank") // Validated at startup private String url; @Positive private int timeoutSeconds; private String apiKey; // In real life: injected from env var, never from a property file // Standard getters and setters (or use Lombok @Data) public String getUrl() { return url; } public void setUrl(String url) { this.url = url; } public int getTimeoutSeconds() { return timeoutSeconds; } public void setTimeoutSeconds(int timeoutSeconds) { this.timeoutSeconds = timeoutSeconds; } public String getApiKey() { return apiKey; } public void setApiKey(String apiKey) { this.apiKey = apiKey; } } // ---- Enable it in your main config class ---- // @SpringBootApplication // @EnableConfigurationProperties(PaymentGatewayConfig.class) // Registers the binding // public class App { ... } // ---- HOW TO USE IT IN A SERVICE ---- // @Service // public class PaymentService { // private final PaymentGatewayConfig gatewayConfig; // // public PaymentService(PaymentGatewayConfig gatewayConfig) { // this.gatewayConfig = gatewayConfig; // } // // public void processPayment(double amount) { // System.out.println("Connecting to: " + gatewayConfig.getUrl()); // System.out.println("Timeout: " + gatewayConfig.getTimeoutSeconds() + "s"); // // ... call payment API // } // } // ---- application-dev.properties ---- // payment.gateway.url=https://sandbox.pay.example.com // payment.gateway.timeout-seconds=10 // payment.gateway.api-key=${PAYMENT_API_KEY} <-- reads from env var at runtime // ---- application-prod.properties ---- // payment.gateway.url=https://api.pay.example.com // payment.gateway.timeout-seconds=5 // payment.gateway.api-key=${PAYMENT_API_KEY} <-- SAME pattern, different env var value // Activate dev profile: java -jar app.jar --spring.profiles.active=dev // Activate prod profile: SPRING_PROFILES_ACTIVE=prod java -jar app.jar
Connecting to: https://sandbox.pay.example.com
Timeout: 10s
// With spring.profiles.active=prod and PAYMENT_API_KEY=sk_live_xyz789:
Connecting to: https://api.pay.example.com
Timeout: 5s
// If payment.gateway.url is missing entirely, startup FAILS with:
// BindValidationException: payment.gateway.url — must not be blank
// This is GOOD — fail fast at startup beats failing at runtime during a payment
| Aspect | @Value Injection | @ConfigurationProperties |
|---|---|---|
| Use case | Single, isolated property | Group of related properties (e.g. database, payment gateway) |
| Type safety | Limited — String conversion is implicit and silent | Full — binds to typed fields with compiler support |
| Validation support | None out of the box | Full JSR-303 validation with @Validated |
| IDE autocomplete | No | Yes — with spring-boot-configuration-processor dependency |
| Refactoring safety | Fragile — rename breaks silently at runtime | Safe — compile-time references via the config class |
| Best for | Quick, one-off values in small apps | Any production app with more than 2-3 config values |
| Testability | Requires Spring context or reflection hacks | Easily instantiated as a plain Java object in tests |
🎯 Key Takeaways
- Auto-configuration is conditional, not magical — it uses @ConditionalOnClass and @ConditionalOnMissingBean guards, and your explicit bean definitions always win
- Constructor injection isn't just style preference — it enables immutability, makes dependencies visible, and lets you write unit tests without starting a Spring context
- @ConfigurationProperties over @Value for any group of related config — you get type safety, validation at startup, and IDE autocomplete for free
- Global exception handling via @RestControllerAdvice is non-negotiable in production — it centralises error formatting and keeps controllers focused on the happy path only
⚠ Common Mistakes to Avoid
- ✕Mistake 1: Using field injection (@Autowired on a field) everywhere — Symptom: unit tests fail with NullPointerException because the field is null without a Spring context — Fix: switch to constructor injection so dependencies are explicit, mandatory, and mockable without Spring
- ✕Mistake 2: Ignoring bean scope when injecting prototype into singleton — Symptom: your 'new instance each time' prototype bean behaves like a singleton because the singleton captured it at startup — Fix: inject ObjectProvider
instead and call provider.getObject() each time you need a fresh instance - ✕Mistake 3: Committing secrets to application.properties in source control — Symptom: API keys or database passwords exposed in your Git history, often only discovered after a breach — Fix: use the ${ENV_VAR_NAME} placeholder pattern in properties files so the actual secret value lives only in the environment at runtime, never in code
Interview Questions on This Topic
- QWhat does @SpringBootApplication actually do under the hood, and what three annotations does it combine?
- QHow does Spring Boot auto-configuration decide whether to apply a configuration class — and how would you debug a situation where an expected auto-configuration is not being applied?
- QIf you have a prototype-scoped bean injected into a singleton-scoped bean, what is the bug and how do you fix it without changing the singleton's scope?
Frequently Asked Questions
What is the difference between @Component, @Service, and @Repository in Spring Boot?
All three are specialisations of @Component and trigger the same bean registration behaviour. The difference is semantic and functional: @Repository additionally enables Spring's persistence exception translation (converting database-specific exceptions into Spring's DataAccessException hierarchy). @Service signals business logic layer with no extra behaviour. Use the right one for the right layer — it makes intent clear and some tools (like Spring Data) use @Repository detection internally.
What is the difference between Spring and Spring Boot?
Spring is the core framework — IoC container, AOP, data access, security, and more. Spring Boot is a layer on top that provides auto-configuration, an embedded web server, starter POMs, and opinionated defaults so you can get a production-ready app running without manual configuration. Spring Boot doesn't replace Spring; it accelerates and simplifies how you use it. Think of Spring as the engine and Spring Boot as the car that comes with the engine already installed and tuned.
How do you disable a specific auto-configuration class in Spring Boot?
Use the exclude attribute on @SpringBootApplication: @SpringBootApplication(exclude = {DataSourceAutoConfiguration.class}). This is useful when you have a dependency on the classpath that triggers auto-configuration you don't want — for example, if you're using a custom DataSource setup and want to prevent Spring Boot from creating its own. You can also exclude by class name string using excludeName if you don't want the import on the classpath.
Written and reviewed by senior developers with real-world experience across enterprise, startup and open-source projects. Every article on TheCodeForge is written to be clear, accurate and genuinely useful — not just SEO filler.