Spring Boot Interview Questions & Answers for 2026

Auto-configuration automatically configures Spring beans based on the dependencies present on the classpath. When you add spring-boot-starter-data-jpa, Spring Boot detects Hibernate on the classpath and automatically creates a DataSource, EntityManagerFactory, and transaction manager using values from application.properties. Auto-configuration classes are annotated with @ConditionalOnClass, @ConditionalOnMissingBean, etc., so they only activate when conditions are met. You can exclude specific auto-configuration with @SpringBootApplication(exclude = {...}) or override defaults by defining your own beans — your bean takes precedence.

All four are stereotypes that mark a class as a Spring-managed bean and are detected by component scanning. @Component is the generic annotation. The others are specialisations: @Service indicates business logic (no additional behaviour, but conveys intent). @Repository indicates a data access layer — Spring adds persistence exception translation (wrapping JPA exceptions into Spring DataAccessException). @Controller marks an MVC controller for handling HTTP requests and returning views. @RestController = @Controller + @ResponseBody, returning JSON directly. Use the specific annotations to clearly express the role of each class.

Use @ControllerAdvice (or @RestControllerAdvice for JSON responses) with @ExceptionHandler methods to handle exceptions globally across all controllers. Define handlers for specific exception types — ResourceNotFoundException returns 404, MethodArgumentNotValidException returns 400 with validation errors. This eliminates try/catch in every controller method. Return a consistent error response object with timestamp, status code, message, and path. Spring Boot also provides a ProblemDetail object (RFC 7807) for standardised error responses since Spring 6. Configure server.error.include-message=always for development.

Spring Data JPA generates repository implementations from interfaces extending JpaRepository<Entity, ID>. You get CRUD methods for free. You can declare query methods by following a naming convention: findByLastName(String name), findByAgeGreaterThan(int age) — Spring parses the method name and generates the query automatically. For complex queries use @Query with JPQL or native SQL. For dynamic queries use Specifications or Querydsl. Paging and sorting are supported via Pageable parameter. Spring Data eliminates boilerplate DAO code — a full repository with dozens of query methods requires only an interface.

Spring Security is a framework for authentication, authorisation, and protection against common attacks (CSRF, session fixation). For JWT-based stateless API security: create a JwtAuthenticationFilter extending OncePerRequestFilter that reads the Authorization header, validates the JWT, and sets the SecurityContext. Configure SecurityFilterChain to be stateless (SessionCreationPolicy.STATELESS), disable CSRF, and add your filter before UsernamePasswordAuthenticationFilter. Define a UserDetailsService that loads users from the database. The filter runs on every request, validates the token, and sets the authenticated user — no session is maintained on the server.

@Transactional is Spring's declarative transaction management — annotate a service method and Spring proxies the class to start a transaction before the method and commit or roll back after. It handles nested transactions via propagation settings (REQUIRED, REQUIRES_NEW, NESTED). The default rollback behaviour is rollback on unchecked (Runtime) exceptions but not checked exceptions — you can customise with rollbackFor. Manual transaction management using PlatformTransactionManager gives fine-grained control but is verbose. Always prefer @Transactional on the service layer. Do not annotate repository methods directly as Spring Data already manages transactions for standard CRUD.

Spring Boot reads configuration from application.properties or application.yml. Values are injected with @Value("${property.name}") or bound to a class with @ConfigurationProperties. Profiles allow different configurations per environment: application-dev.yml, application-prod.yml. Activate a profile with SPRING_PROFILES_ACTIVE=prod environment variable or --spring.profiles.active=prod argument. Production-sensitive properties (DB passwords, API keys) should come from environment variables or a secrets manager, not committed config files. @Profile annotation on @Bean methods or @Configuration classes enables environment-specific beans.