June 01, 2018

Spring Boot Interview Questions

What is Spring Boot?
Spring Boot is not a framework, it is a way to ease to create stand-alone application with minimal or zero configurations.

With Spring Boot we can develop spring based application with very less configuration. It provides defaults for code and annotation configuration to quick start new spring projects within no time.


What are the advantages and disadvantages of using Spring Boot?
Advantages:

  • Reduce Development and Testing time, which increases productivity
  • Use of JavaConfig helps avoid usage of XML.
  • Avoid lots of maven imports and the various version conflicts.
  • It avoids writing lots of boilerplate Code, Annotations and XML Configuration.
  • Provide Opinionated Development approach.
  • Quick start to development by providing defaults.
  • It provides Embedded HTTP servers like Tomcat, Jetty etc. to develop and test our web applications very easily.
  • Requires less configuration-Since there is no web.xml file. Simply add classes annotated with@Configuration and then you can add methods annotated with@Bean, and Spring will automatically load up the object and manage it like it always has. You can even add @Autowired to the bean method to have Spring autowire in dependencies needed for the bean.
  • Environment Based Configuration-Using these properties, you can pass into the application which environment you are using with:-Dspring.profiles.active={enviornment}. Spring will then load up the subsequent application properties file at (application-{environment}.properties) after loading up the main application properties file.
Disadvantages:
It is bit difficult and time consuming process to convert existing or legacy Spring Framework projects into Spring Boot Applications.

Which build tool have you used to develop Spring Boot Application?

Spring Boot application can be developed using Maven as well as Gradle.

What is JavaConfig?

Spring JavaConfig is a product of the Spring community that provides a pure-Java approach to configuring the Spring IoC Container. It thus helps avoid using XML configurations.
The advantages of JavaConfig:
  • Object-oriented configuration: Because configurations are defined as classes in JavaConfig, users can take full advantage of object-oriented features in Java. One configuration class may subclass another, overriding its @Bean methods, etc.
  • Reduced or eliminated XML configuration: The benefits of externalized configuration based on the principles of dependency injection have been proven. However, many developers would prefer not to switch back and forth between XML and Java. JavaConfig provides developers with a pure-Java approach to configuring the Spring container that is conceptually similar to XML configuration. It is technically possible to configure the container using only JavaConfig configuration classes, however in practice many have found it ideal to mix-and-match JavaConfig with XML.
  • Type-safe and refactoring-friendly: JavaConfig provides a type-safe approach to configuring the Spring container. With generics, it is now possible to retrieve beans by type rather than by name, free of any casting or string-based lookups.
How to reload the changes on Spring Boot without having to restart server?
This can be achieved using Developer tools (Dev Tools). Once this dependency is configured, whenever any changes is made in the code, the embedded tomcat will restart. Thus, the dev tools, helps to improve the productivity of developers.

Dev tool will eliminates the need for manually deploying the changes every time. Spring Boot doesn’t have this feature when it has released it’s first version.
< dependency >
< groupId >org.springframework.boot< /groupId >
< artifactId >spring-boot-devtools< /artifactId >
< optional >true< /optional >
< /dependency >
 

What is Actuator in Spring Boot?
Actuator is one of the key feature in Spring Boot framework. It helps us to access the current state of the running application in production environment. There are several metrics that has to be checked and monitored in the production environment. Even some external applications may be using those services to trigger the alert message to concerned person. Actuator module exposes set of REST endpoints that can be directly accessed as a HTTP URL to check the status.

How to disable Actuator endpoint security in Spring Boot?
By default all sensitive HTTP endpoints are secured such that only users that have an ACTUATOR role may access them. Security is enforced using the standard HttpServletRequest.isUserInRole method.
We can disable security by using:
management.security.enabled=false

It is suggested to disable security only if the actuator endpoints are accessed behind firewall.

How to run Spring boot application to custom port?
We can specify the port in application.properties. e.g:
server.port=8090

What is YAML?
YAML is a human-readable data serialization language. It is commonly used for configuration files. Compared to properties file, YAML file is much more structured and less confusing in case we want to add complex properties in the configuration file.

How to implement security for Spring boot application?
spring-boot-starter-security dependency is used to implement security in Spring Boot. This requires very little code. The config class will have to extend WebSecurityConfigurerAdapter and override its methods.

If you are using Maven, then add below dependency in pom.xml:
 < dependency >
 < groupId > org.springframework.boot < /groupId >
 < artifactId > spring-boot-starter-security < /artifactId >
 < scope > test < /scope >
 < /dependency >


By adding the spring boot security starter dependency the basic security has already been configured by default. We can further customize the security configuration by writing our own authorization and authentication.

Let's create a new class SecurityConfig that extends the WebSecurityConfigurerAdapter and overrides its methods.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("adminUser")
                .password("adminPass").roles("USER");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests().anyRequest().hasRole("USER")
                .and().formLogin().loginPage("/login.jsp")
                .failureUrl("/login.jsp?error=1").loginProcessingUrl("/login")
                .permitAll().and().logout()
                .logoutSuccessUrl("/welcome.html");

    }
}


Add a new page named login.jsp. Users will get redirected to this page for adding credentials.

Whenever user tries to open http://localhost:8080/welcome.html, the control will be automatically redirected to http://localhost:8080/login.jsp. When the user enters correct credentials, they will be able to visit all the other URLs correctly.

No comments:

Post a Comment

RSSChomp Blog Directory