https://blog.devops-monk.com/tags/spring-boot/Recent content in Spring-Boot on Devops MonkHugoen-usSat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/junit5-lifecycle-annotations/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/junit5-lifecycle-annotations/The biggest performance factor in a Testcontainers test suite is how many times you start and stop containers. Start a PostgreSQL container once per JVM and your tests add 2 seconds to total CI time. Start it once per test method and 50 tests cost 100 seconds. Understanding Testcontainers lifecycle management is how you write fast tests without sacrificing isolation. This article covers all the container lifecycle options in JUnit 5 — from the simplest @Container annotation to the singleton pattern that shares one container across your entire test suite.https://blog.devops-monk.com/tutorials/testcontainers/mysql-testing/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/mysql-testing/MySQL is still the most widely deployed relational database in Java applications. Its SQL dialect, strict mode behavior, and character set handling differ from both H2 and PostgreSQL in ways that matter for real applications. This article covers MySQL testing with Testcontainers — from basic setup to MySQL-specific features and the STRICT_TRANS_TABLES mode that catches data truncation bugs H2 silently ignores. What You&rsquo;ll Learn MySQLContainer setup and configuration @ServiceConnection with MySQL MySQL strict mode and why it matters for tests Character set and collation configuration Testing MySQL-specific SQL functions MariaDB as an alternative Dependencies &lt;dependency&gt; &lt;groupId&gt;org.https://blog.devops-monk.com/tutorials/testcontainers/postgresql-testing/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/postgresql-testing/Testing database code against H2 gives you a false sense of security. PostgreSQL has different behavior for ON CONFLICT, RETURNING, JSON operators, full-text search, and dozens of other features. A JPA query that works in H2 dialect may fail against real PostgreSQL. This article shows how to test your Spring Data JPA repositories, custom queries, and database constraints against a real PostgreSQL instance using Testcontainers. What You&rsquo;ll Learn @ServiceConnection — the Spring Boot 3.https://blog.devops-monk.com/tutorials/testcontainers/setup-testcontainers-java/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/setup-testcontainers-java/Setting up Testcontainers takes about five minutes. The dependencies are on Maven Central, the BOM manages all version alignment, and Spring Boot 3 has first-class support that eliminates most of the configuration boilerplate. By the end of this article, you will have a Spring Boot project with Testcontainers running, a PostgreSQL container backing your first integration test, and a clear understanding of how to add any additional container module. What You&rsquo;ll Learn How the Testcontainers BOM works and why you need it Which dependencies to add for Spring Boot, PostgreSQL, and JUnit 5 How to configure Maven and Gradle for Testcontainers tests How to set up Logback so you can see container startup logs How @ServiceConnection eliminates @DynamicPropertySource boilerplate in Spring Boot 3.https://blog.devops-monk.com/tutorials/testcontainers/singleton-containers/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/singleton-containers/With 20 integration test classes, each starting its own PostgreSQL container, you pay 20 container starts at 2 seconds each — 40 seconds of pure overhead before a single assertion runs. The singleton pattern starts one container per JVM, shares it across all test classes, and cuts that 40 seconds to 2. This is the most impactful performance optimization for large Testcontainers test suites. What You&rsquo;ll Learn The singleton pattern using a static initializer block Abstract base class design for sharing containers and @DynamicPropertySource Why you must not combine @Testcontainers/@Container with the singleton pattern Spring TestContext caching — how it works and how to maximize reuse The @ImportTestcontainers approach for Spring Boot 3.https://blog.devops-monk.com/tutorials/testcontainers/spring-boot-testing-slices/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/spring-boot-testing-slices/@SpringBootTest starts the full application context — all beans, all auto-configurations, all datasources, all message listeners. That is 10–30 seconds of startup time for every test class that needs it. Spring Boot&rsquo;s test slices load a subset of the application context — only the beans relevant to what you are testing. Repository tests that once took 15 seconds with @SpringBootTest take 2 seconds with @DataJpaTest. This article covers all the major test slices and how to combine them with Testcontainers.https://blog.devops-monk.com/tutorials/testcontainers/testcontainers-cicd/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/testcontainers-cicd/Testcontainers tests that run perfectly on your developer laptop can fail in CI for environmental reasons — Docker daemon availability, image pull timeouts, port conflicts, and resource limits. This final article covers production-ready CI/CD configuration for Testcontainers in GitHub Actions, GitLab CI, and Jenkins, plus Spring Boot 3.1&rsquo;s development-time container support. What You&rsquo;ll Learn GitHub Actions configuration for Testcontainers (zero extra setup on ubuntu-latest) GitLab CI configuration with Docker-in-Docker Jenkins configuration with Docker socket mounting TestApplication — running your app locally with containers instead of a real database .https://blog.devops-monk.com/tutorials/testcontainers/unit-integration-system-testing/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/unit-integration-system-testing/&ldquo;We have 90% test coverage&rdquo; means nothing if 90% of your tests are mocking away the parts that matter. A codebase full of unit tests that mock every dependency can have excellent coverage numbers while completely missing bugs that manifest when real components interact. Understanding the difference between unit tests, integration tests, and system tests — and when to use each — is the foundation of a test suite that actually finds bugs.https://blog.devops-monk.com/tutorials/testcontainers/what-is-testcontainers/Sat, 23 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/testcontainers/what-is-testcontainers/Your CI pipeline goes green. You deploy to staging. The application crashes on startup because Flyway migrations fail against MySQL — but all your tests used H2. Your team has seen this before. Tests that pass on every machine, fail in production. Not because the business logic was wrong, but because the test infrastructure was fake. This is the problem Testcontainers was built to solve. This article covers what Testcontainers is, why traditional approaches to integration testing fall short, and how Testcontainers gives you test environments that match production — automatically, repeatably, with no shared test database to maintain.https://blog.devops-monk.com/tutorials/spring-data-jpa/mapped-superclass/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/mapped-superclass/Introduction Almost every entity in a real application shares a few common fields: id, createdAt, updatedAt, and perhaps version. Writing these in every entity class is repetitive and error-prone. @MappedSuperclass lets you define them once in a base class that all entities extend — without creating a parent table or any inheritance mapping in the database. What Is @MappedSuperclass? @MappedSuperclass marks a class whose field mappings are inherited by subclass entities.https://blog.devops-monk.com/tutorials/spring-kafka/sendto-kafkahandler/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/sendto-kafkahandler/@SendTo — Chaining Listeners @SendTo on a @KafkaListener method automatically sends the return value to another Kafka topic. This is how you build event pipelines without manually calling KafkaTemplate.send() in your listener. flowchart LR T1["orders\n(OrderPlacedEvent)"] T2["orders-confirmed\n(OrderConfirmedEvent)"] T3["inventory-events\n(StockReservedEvent)"] T1 -->|"@KafkaListener\n@SendTo"| L1["confirmOrder()"] L1 --> T2 T2 -->|"@KafkaListener\n@SendTo"| L2["reserveStock()"] L2 --> T3 Basic @SendTo @KafkaListener(topics = &#34;orders&#34;, groupId = &#34;confirmation-service&#34;) @SendTo(&#34;orders-confirmed&#34;) public OrderConfirmedEvent onOrder(OrderPlacedEvent event) { // Return value is automatically sent to &#34;orders-confirmed&#34; return new OrderConfirmedEvent( event.https://blog.devops-monk.com/tutorials/spring-data-jpa/transactional-propagation-isolation/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/transactional-propagation-isolation/What @Transactional Does @Transactional tells Spring to wrap the annotated method in a database transaction. Spring opens the transaction before the method starts and commits (or rolls back) when it ends. The annotation works via an AOP proxy — understanding this proxy model is essential for avoiding the most common @Transactional bugs. The AOP Proxy Model Spring creates a proxy around your bean. When code outside the bean calls a @Transactional method, the call goes through the proxy, which manages the transaction:https://blog.devops-monk.com/tutorials/spring-security/actuator-security-production/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/actuator-security-production/The Actuator Security Problem Spring Boot Actuator exposes endpoints that reveal sensitive information about your application — environment variables, configuration properties, heap dumps, thread dumps, and the ability to shut down the application remotely. An exposed /actuator/env endpoint can leak database passwords, API keys, and JWT signing secrets. An exposed /actuator/shutdown is a denial-of-service button. Actuator security is not optional in production. Actuator Endpoints and Their Risk Level Endpoint Exposes Risk /actuator/health Application health Low — often public /actuator/info App metadata Low /actuator/metrics JVM/HTTP metrics Medium — business data /actuator/env All configuration properties (including secrets) Critical /actuator/configprops All @ConfigurationProperties values Critical /actuator/loggers Log levels (writable) High /actuator/heapdump Full JVM heap as a file Critical /actuator/threaddump Thread state Medium /actuator/mappings All URL mappings Medium — reveals API surface /actuator/shutdown Kills the JVM Critical /actuator/auditevents Security events High Step 1: Expose Only What You Need By default, only health is exposed over HTTP.https://blog.devops-monk.com/tutorials/spring-data-jpa/auditing/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/auditing/Why Auditing Matters Production systems must answer: &ldquo;Who changed this? When? What did it look like before?&rdquo; Without auditing infrastructure, you add created_at, updated_at, created_by, updated_by columns manually to every entity — dozens of lines of boilerplate repeated everywhere. Spring Data JPA auditing fills these fields automatically. Hibernate Envers goes further: it captures every revision of every entity in separate audit tables. Spring Data JPA Auditing Enable Auditing @Configuration @EnableJpaAuditing(auditorAwareRef = &#34;auditorProvider&#34;) public class JpaAuditingConfig { @Bean public AuditorAware&lt;String&gt; auditorProvider() { return () -&gt; Optional.https://blog.devops-monk.com/tutorials/spring-security/authentication-manager-provider/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/authentication-manager-provider/The Authentication Delegation Chain Spring Security separates requesting authentication from performing authentication. A filter receives a username and password — but it does not check them itself. It passes the request to AuthenticationManager, which delegates to one or more AuthenticationProvider instances: flowchart LR F[Authentication Filter\nForm Login / Basic / JWT] -->|UsernamePasswordToken| AM[AuthenticationManager\nProviderManager] AM -->|try each provider| AP1[DaoAuthenticationProvider\nfor DB users] AM -->|try each provider| AP2[LdapAuthenticationProvider\nfor LDAP users] AM -->|try each provider| AP3[Custom Provider\nfor API key] AP1 -->|if supported| UDS[UserDetailsService\nloadUserByUsername] UDS --> DB[(Database)] AP1 -->|verify password| PE[PasswordEncoder] AP1 -->|success| Token[Authenticated Token] Token --> F This chain is the core of Spring Security&rsquo;s extensibility — you can plug in any number of authentication mechanisms without touching the filter or the rest of the framework.https://blog.devops-monk.com/tutorials/spring-kafka/avro-schema-registry/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/avro-schema-registry/Why Avro and Schema Registry? JSON has no schema enforcement — a producer can change a field name and silently break every consumer. Avro + Schema Registry solves this: Avro gives you a compact binary format with a schema definition Schema Registry stores and versions schemas, enforces compatibility rules, and prevents breaking changes from reaching consumers flowchart LR subgraph Producer["Order Service"] E["OrderPlacedEvent"] -->|"KafkaAvroSerializer"| SR["Schema Registry\n(register/lookup schema)"] SR --> Bytes["[schema_id (4 bytes)] + [avro payload]"https://blog.devops-monk.com/tutorials/spring-data-jpa/basic-entity-mapping/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/basic-entity-mapping/Introduction Entity mapping is the process of telling Hibernate how your Java class corresponds to a database table, and how each field maps to a column. JPA provides a rich set of annotations for this — from the minimal @Entity and @Id to the detailed @Column with constraints. This article covers every annotation and attribute you need to map entities precisely and confidently. @Entity @Entity marks a class as a JPA entity — a Java object that maps to a database table.https://blog.devops-monk.com/tutorials/spring-batch/spring-batch-best-practices/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/spring-batch-best-practices/Introduction This is the final article in the Spring Batch Tutorial series. It consolidates every hard-won lesson into actionable checklists — use it as a review before deploying a new batch job to production, or as a reference when debugging an existing one. Part 1: Job Design Always design for restartability Every step that writes to a database uses idempotent SQL (ON DUPLICATE KEY UPDATE or WHERE NOT EXISTS) Every ItemReader has a unique .https://blog.devops-monk.com/tutorials/spring-data-jpa/cascade-types-orphan-removal/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/cascade-types-orphan-removal/Introduction Cascade types control which persistence operations (save, merge, delete, refresh) propagate from a parent entity to its associated children. orphanRemoval controls what happens when a child is removed from the parent&rsquo;s collection. Getting cascade wrong is one of the most common causes of unexpected deletes and data integrity issues in JPA applications. The Six Cascade Types cascade = CascadeType.PERSIST // propagate persist (save new entity) cascade = CascadeType.MERGE // propagate merge (re-attach detached entity) cascade = CascadeType.https://blog.devops-monk.com/tutorials/spring-kafka/consumer-bean-configuration/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/consumer-bean-configuration/Why @Bean Configuration? application.properties covers the common cases. But real applications need multiple listener factories — one for orders with manual acknowledgment and concurrency 3, another for analytics events with batch listening and different deserializers. @Bean configuration gives you a factory per use case, full IDE support, and the ability to wire in custom components like error handlers and interceptors. The Factory Relationship flowchart TD CF["ConsumerFactory\n(connection + deserialization config)"] LCF["ConcurrentKafkaListenerContainerFactory\n(container behaviour config)"https://blog.devops-monk.com/tutorials/spring-kafka/consumer-groups-offsets/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/consumer-groups-offsets/What Is a Consumer Group? A consumer group is a set of consumer instances that jointly consume a topic. Kafka assigns each partition to exactly one consumer within the group at a time. This is what enables parallel processing: multiple consumers in the same group read different partitions simultaneously. flowchart LR subgraph Topic["Topic: orders — 4 partitions"] P0["Partition 0"] P1["Partition 1"] P2["Partition 2"] P3["Partition 3"] end subgraph CG["Consumer Group: inventory-service"] C1["https://blog.devops-monk.com/tutorials/spring-kafka/consumer-groups/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/consumer-groups/Consumer Group Fundamentals A consumer group is how Kafka distributes work across multiple consumers. Each partition in a topic is assigned to exactly one consumer instance in the group at any given time. flowchart TB subgraph Topic["Topic: orders — 6 partitions"] P0["P0"] P1["P1"] P2["P2"] P3["P3"] P4["P4"] P5["P5"] end subgraph CG1["Group: inventory-service (3 instances)"] I1["Instance 1\nP0, P1"] I2["Instance 2\nP2, P3"] I3["Instance 3\nP4, P5"] end subgraph CG2["Group: notification-service (1 instance)"] N1["Instance 1\nP0,P1,P2,P3,P4,P5"] end P0 & P1 --> I1 P2 & P3 --> I2 P4 & P5 --> I3 P0 & P1 & P2 & P3 & P4 & P5 --> N1 Both groups receive all events — they are independent.https://blog.devops-monk.com/tutorials/spring-security/cors-configuration/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/cors-configuration/What Is CORS? The Same-Origin Policy (SOP) is a browser security rule: JavaScript on app.example.com cannot read responses from api.example.com — different subdomain, different origin. Without this, any website could use a visitor&rsquo;s authenticated session to silently call other sites on their behalf. CORS (Cross-Origin Resource Sharing) is the mechanism by which a server explicitly relaxes SOP for trusted origins. When a browser sees a cross-origin request, it checks whether the server has granted permission before allowing JavaScript to read the response.https://blog.devops-monk.com/tutorials/spring-security/csrf-protection/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/csrf-protection/What Is a CSRF Attack? Cross-Site Request Forgery (CSRF) tricks an authenticated user&rsquo;s browser into making an unintended request to your application. The attack: Alice is logged into bank.com — her browser holds a valid session cookie Alice visits evil.com evil.com contains &lt;img src=&quot;https://bank.com/transfer?to=attacker&amp;amount=5000&quot;&gt; Alice&rsquo;s browser fires the request, automatically attaching her bank.com session cookie bank.com receives an authenticated request that Alice never intended to make The attack works because browsers automatically send cookies with cross-origin requests.https://blog.devops-monk.com/tutorials/spring-data-jpa/custom-queries-jpql-native-sql/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/custom-queries-jpql-native-sql/Why @Query Exists Derived query methods (Article 17) are great for simple conditions, but they break down fast. A method like findByOrderStatusAndCustomerCityAndPriceBetweenOrderByCreatedAtDesc is unreadable and still cannot express a JOIN or aggregation. @Query lets you write the exact JPQL or SQL you need, attached directly to a repository method — keeping your repository clean while giving you full query control. JPQL vs Native SQL JPQL Native SQL Language Entity/field names Table/column names Database portable Yes No JOIN FETCH Yes No Window functions No Yes Full-text search No Yes Complex analytics Limited Full power Start with JPQL.https://blog.devops-monk.com/tutorials/spring-kafka/custom-serializers/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/custom-serializers/When to Write a Custom Serializer Spring Kafka ships JSON and Avro support. You need a custom serializer when: Your team uses Protobuf or MessagePack and wants native support You need a compact binary format for high-throughput topics (pricing ticks, sensor readings) You&rsquo;re integrating with a legacy system that publishes a fixed binary protocol You want deterministic serialization for event deduplication or content-addressed storage The Serializer and Deserializer Interfaces // org.https://blog.devops-monk.com/tutorials/spring-data-jpa/custom-type-conversions/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/custom-type-conversions/Introduction JPA handles most Java types automatically — String, Integer, LocalDate, BigDecimal. But what about a Java enum? A List&lt;String&gt; stored as JSON? A custom Money type? JPA&rsquo;s AttributeConverter and @Enumerated let you control exactly how any Java type maps to a database column. Mapping Enums with @Enumerated Java enums are common in domain models. JPA maps them with @Enumerated: public enum OrderStatus { PENDING, CONFIRMED, SHIPPED, DELIVERED, CANCELLED } public enum ProductStatus { ACTIVE, INACTIVE, DISCONTINUED } @Column(length = 20, nullable = false) @Enumerated(EnumType.https://blog.devops-monk.com/tutorials/spring-kafka/dead-letter-topics/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/dead-letter-topics/What Is a Dead Letter Topic? When a record fails processing and retries are exhausted, you have two options: skip it (losing the data) or park it somewhere for inspection and reprocessing. A dead-letter topic (DLT) is that parking lot — a Kafka topic that holds records that could not be processed, enriched with error metadata headers. flowchart LR subgraph Main["orders topic"] R1["record: offset 42\n(bad data)"] end subgraph DLT["orders.DLT topic"] R2["https://blog.devops-monk.com/tutorials/spring-data-jpa/derived-query-methods/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/derived-query-methods/Introduction Spring Data JPA can generate JPQL queries directly from method names. You declare a method like findByStatusAndPriceGreaterThan, and Spring Data parses the name, derives the query, and generates the implementation. No SQL, no @Query, no boilerplate. How Derived Query Parsing Works Spring Data JPA splits method names into a subject and a predicate: findBy Email And Status ↑ ↑ ↑ ↑ subject property operator property The subject determines the operation type (find, count, exists, delete).https://blog.devops-monk.com/tutorials/spring-data-jpa/dirty-checking-flush-modes/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/dirty-checking-flush-modes/The Persistence Context Revisited Article 3 introduced the persistence context — the in-memory cache of managed entities. This article goes deeper: how does the persistence context detect changes? When does it flush them to the database? And how can you tune this behaviour? Dirty Checking When you modify a managed entity, you don&rsquo;t call save() or update(). You simply change the field: @Transactional public void giveDiscount(Long productId, BigDecimal discount) { Product product = productRepository.https://blog.devops-monk.com/tutorials/spring-security/domain-object-acl/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/domain-object-acl/What ACLs Solve Role-based access control answers: &ldquo;Can this user perform this action?&rdquo; ACLs answer: &ldquo;Can this user perform this action on this specific object?&rdquo; Consider a document management system: Alice owns Document #42 — she can read and edit it Bob is a reviewer on Document #42 — he can read it but not edit Carol has no permission on Document #42 — she gets a 403 This cannot be expressed with roles alone.https://blog.devops-monk.com/tutorials/spring-kafka/dynamic-listeners/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/dynamic-listeners/Why Dynamic Listeners? @KafkaListener is declared at compile time. Some scenarios require listeners created at runtime: Multi-tenant SaaS — each tenant onboards to their own topic; you can&rsquo;t redeploy to add @KafkaListener for each new tenant Feature flags — enable or disable a listener without a deployment Plugin systems — modules register their own topic subscriptions when loaded Admin APIs — operators subscribe to new topics via a REST endpoint ConcurrentMessageListenerContainer The core building block is ConcurrentMessageListenerContainer — the same class @KafkaListener uses internally, but constructed and started manually:https://blog.devops-monk.com/tutorials/spring-data-jpa/embedded-types-value-objects/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/embedded-types-value-objects/Introduction Not every concept in your domain deserves its own table. An Address — street, city, state, postal code — is a value object: it has no identity of its own, it belongs to an entity. JPA&rsquo;s @Embeddable lets you model this as a separate Java class while storing it in the owning entity&rsquo;s table. What Is an Embeddable? An @Embeddable class is a Java class whose fields are mapped to columns in the owning entity&rsquo;s table — not a separate table.https://blog.devops-monk.com/tutorials/spring-data-jpa/entity-graphs-batch-loading/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/entity-graphs-batch-loading/The Problem @EntityGraph Solves JOIN FETCH in @Query solves N+1 but creates inflexibility: the fetch plan is baked into the query. Two different use cases — an order detail page (needs items + customer) and an order list page (needs only customer) — require two different queries with different JOIN FETCHes. @EntityGraph separates the fetch plan from the query. You define what to load at the call site, and Spring Data JPA generates the appropriate JOIN.https://blog.devops-monk.com/tutorials/spring-data-jpa/entity-lifecycle-states/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/entity-lifecycle-states/Introduction Every JPA entity is always in one of four states. The state determines whether Hibernate is tracking the entity, whether changes are detected automatically, and what operations are valid. Understanding these states explains a large class of JPA bugs — especially the dreaded LazyInitializationException and detached entity errors. The Four States new Customer() │ │ persist / save() ▼ TRANSIENT ──────────────────────► MANAGED (not tracked) (tracked by persistence context) │ │ evict / clear / close ▼ DETACHED (no longer tracked) │ │ merge() ▼ MANAGED (re-attached) MANAGED ─── remove / delete() ──► REMOVED (delete scheduled, still in context) 1.https://blog.devops-monk.com/tutorials/spring-kafka/error-handling-basics/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/error-handling-basics/What Happens When a Listener Throws? Without an error handler, an uncaught exception from @KafkaListener causes the container to log the error and retry the same record on the next poll — indefinitely. One bad record can block an entire partition forever. DefaultErrorHandler fixes this: it retries a configurable number of times with backoff, then calls a ConsumerRecordRecoverer (e.g. send to a dead-letter topic) and moves on. DefaultErrorHandler — The Modern API Spring Kafka 2.https://blog.devops-monk.com/tutorials/spring-data-jpa/fetch-types-eager-vs-lazy/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/fetch-types-eager-vs-lazy/Introduction Every relationship in JPA has a fetch type: either EAGER (load immediately with the parent) or LAZY (load only when accessed). The defaults are counterintuitive, and getting fetch types wrong is one of the top causes of performance problems and LazyInitializationException in JPA applications. Default Fetch Types Annotation Default fetch type Performance risk @ManyToOne EAGER Loads related entity on every query — can be expensive @OneToOne EAGER Same — loads profile/address on every customer load @OneToMany LAZY Correct default — collections are only loaded when needed @ManyToMany LAZY Correct default The defaults for @ManyToOne and @OneToOne are EAGER — a poor choice that the JPA spec made for historical reasons.https://blog.devops-monk.com/tutorials/spring-kafka/message-filtering/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/message-filtering/Why Filter at the Container Level? Multiple consumers can share a topic. The inventory service only cares about PLACED orders; the analytics service wants everything. Rather than putting if (event.getStatus() != PLACED) return; at the top of every listener, Spring Kafka lets you filter records before they reach your method — keeping business logic clean and making the filter reusable across listeners. How RecordFilterStrategy Works flowchart LR Broker -->|"poll() → [r1, r2, r3, r4]"https://blog.devops-monk.com/tutorials/spring-security/form-login/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/form-login/Form Login: The Classic Web Authentication Flow Form login is the traditional authentication mechanism for server-rendered web applications. The user fills in a username and password form, the server verifies credentials, creates a session, and returns a session cookie. All subsequent requests carry that cookie. sequenceDiagram participant Browser participant SSF as Spring Security Filters participant AM as AuthenticationManager participant SS as HTTP Session Store participant Controller Browser->>SSF: GET /dashboard (unauthenticated) SSF->>SS: Save original request (RequestCache) SSF-->>Browser: 302 Redirect to /login Browser->>SSF: GET /login SSF-->>Browser: 200 HTML login page Browser->>SSF: POST /login {username, password} SSF->>AM: authenticate(UsernamePasswordToken) AM-->>SSF: Authentication (success) SSF->>SS: Store SecurityContext in session SSF-->>Browser: 302 Redirect to /dashboard\nSet-Cookie: JSESSIONID=abc123 Browser->>SSF: GET /dashboard (JSESSIONID cookie) SSF->>SS: Load SecurityContext from session SSF->>Controller: Request with authenticated user Controller-->>Browser: 200 Dashboard HTML Minimal Configuration @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .https://blog.devops-monk.com/tutorials/spring-kafka/deserialization-errors/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/deserialization-errors/The Problem: Poison Pills at Deserialization Time A malformed byte sequence — truncated JSON, wrong Avro schema, corrupt payload — throws an exception during deserialization, before the listener method is called. Without special handling, this record blocks the partition indefinitely: the consumer fetches it, fails to deserialize, and fetches it again on the next poll. sequenceDiagram participant Broker participant Container participant Deserializer loop forever without ErrorHandlingDeserializer Container->>Broker: poll() Broker-->>Container: [good-record, CORRUPT-RECORD, good-record] Container->>Deserializer: deserialize(CORRUPT-RECORD) Deserializer-->>Container: JsonProcessingException 💥 Note over Container: Partition blocked — same record on every poll end ErrorHandlingDeserializer solves this by catching the deserialization exception and wrapping it in a DeserializationException that the listener container can route to the error handler.https://blog.devops-monk.com/tutorials/spring-security/how-spring-security-works/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/how-spring-security-works/Why Spring Security Is Hard to Learn Spring Security is not complex because the concepts are complex. Authentication and authorization are straightforward ideas. Spring Security is hard because it hides its machinery: a request comes in, something happens, an endpoint is secured or not — and without knowing the internal architecture, the behaviour feels magical and the configuration feels arbitrary. This article removes the magic. By the end, you will have the mental model needed to understand every other concept in this series.https://blog.devops-monk.com/tutorials/spring-security/http-authorization/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/http-authorization/HTTP Authorization: The Last Line of Defense AuthorizationFilter is the last filter in the Spring Security chain. After all authentication filters have run (and either set an Authentication or left it as anonymous), AuthorizationFilter makes the final access decision: allow or deny. The rules you write in authorizeHttpRequests() are evaluated in order, first match wins. flowchart TD Request[HTTP Request] --> Auth[AuthorizationFilter] Auth --> Rules{Evaluate rules\nin order} Rules -->|Rule 1 matches| Decision1{Allowed?https://blog.devops-monk.com/tutorials/spring-security/http-basic-authentication/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/http-basic-authentication/What Is HTTP Basic Authentication? HTTP Basic is the simplest authentication scheme defined in the HTTP specification (RFC 7617). The client encodes username:password in Base64 and sends it in the Authorization header with every request: Authorization: Basic YWxpY2U6c2VjcmV0 ↑ Base64(&#34;alice:secret&#34;) Important: Base64 is encoding, not encryption. Anyone who intercepts the request can decode the credentials instantly. HTTP Basic must only be used over HTTPS. sequenceDiagram participant Client as API Client participant SSF as Spring Security Filters participant AM as AuthenticationManager Client->>SSF: GET /api/data\n(no Authorization header) SSF-->>Client: 401 Unauthorized\nWWW-Authenticate: Basic realm="https://blog.devops-monk.com/tutorials/spring-kafka/idempotent-producer/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/idempotent-producer/The Duplicate Problem With acks=all and retries enabled, a produce request might be acknowledged by the broker, but the acknowledgment is lost in the network before reaching the producer. The producer, seeing no response, retries — sending the same record again. The broker writes it a second time. The consumer sees a duplicate. sequenceDiagram participant Producer participant Leader as Broker (Leader) Producer->>Leader: ProduceRequest: OrderPlaced (orderId=1001) Leader->>Leader: Write record at offset 42 ✓ Leader--xProducer: ProduceResponse LOST (network failure) Note over Producer: No ack received — retrying Producer->>Leader: ProduceRequest: OrderPlaced (orderId=1001) [RETRY] Leader->>Leader: Write record at offset 43 ✓ (DUPLICATE!https://blog.devops-monk.com/tutorials/spring-data-jpa/inheritance-strategies/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/inheritance-strategies/Introduction Object-oriented code uses inheritance to share behaviour. Relational databases have no concept of inheritance. JPA bridges this gap with three strategies for mapping a class hierarchy to tables. Understanding when each is appropriate prevents schema headaches and performance problems. The Domain Example An e-commerce system has different types of discount: Discount (abstract) ├── PercentageDiscount (e.g., 10% off) └── FixedAmountDiscount (e.g., $5 off) All discounts share: id, name, validFrom, validUntil. PercentageDiscount adds: percentage (e.https://blog.devops-monk.com/tutorials/spring-data-jpa/introduction-jpa-hibernate-spring-data/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/introduction-jpa-hibernate-spring-data/Introduction Every Spring Boot application that touches a relational database eventually encounters three terms used almost interchangeably: JPA, Hibernate, and Spring Data JPA. They are related but distinct, and understanding the difference is essential before writing a single line of mapping code. This article explains what each one is, how they fit together, and why this stack is the dominant approach to Java database access. The Problem: Object-Relational Impedance Mismatch Java applications work with objects: classes, inheritance, collections, references.https://blog.devops-monk.com/tutorials/spring-kafka/json-serialization/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/json-serialization/The Serialization Problem Kafka stores bytes. KafkaTemplate&lt;String, OrderPlacedEvent&gt; needs to turn your Java object into bytes for the producer, and @KafkaListener needs to turn those bytes back into the right Java class on the consumer. Spring Kafka ships JsonSerializer and JsonDeserializer built on Jackson to handle this — but they have several sharp edges that break in real multi-service deployments. How Spring Kafka JSON Serialization Works flowchart LR subgraph Producer["Order Service"https://blog.devops-monk.com/tutorials/spring-security/jwt-authentication/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/jwt-authentication/What Is JWT? JWT (JSON Web Token, RFC 7519) is a compact, URL-safe token format for representing claims between two parties. It is the standard for stateless REST API authentication — the server issues a signed token at login, and the client presents it on every subsequent request. No session, no cookie, no server-side state. JWT Structure A JWT has three Base64URL-encoded parts separated by dots: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSIsInJvbGVzIjpbIlJPTEVfVVNFUiJdfQ.signature Header Payload Signature block-beta columns 3 A["https://blog.devops-monk.com/tutorials/spring-kafka/kafka-architecture/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/kafka-architecture/The Cluster: Brokers and the Controller A Kafka cluster is a group of servers, each called a broker. Brokers store data and serve producer/consumer requests. One broker in the cluster acts as the controller — it manages partition leadership, handles broker joins and departures, and coordinates rebalancing. In KRaft mode (Kafka 3.3+, the default from Kafka 4.0), the controller is built into Kafka itself — no ZooKeeper needed. flowchart TB subgraph Cluster["https://blog.devops-monk.com/tutorials/spring-kafka/kafka-consumer-basics/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/kafka-consumer-basics/How @KafkaListener Works @KafkaListener is a Spring Kafka annotation that registers a method as a Kafka consumer. Under the hood, Spring Kafka creates a ConcurrentMessageListenerContainer — a managed thread pool that continuously polls the broker and dispatches records to your method. flowchart LR Broker["Kafka Broker"] subgraph Container["ConcurrentMessageListenerContainer"] T1["Poll Thread 1\n(Partition 0)"] T2["Poll Thread 2\n(Partition 1)"] T3["Poll Thread 3\n(Partition 2)"] end Method["@KafkaListener\nvoid onOrderPlaced(...)"] Broker -->|"fetch records"| T1 Broker -->|"fetch records"| T2 Broker -->|"https://blog.devops-monk.com/tutorials/spring-kafka/kafka-producer-basics/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/kafka-producer-basics/How a Spring Kafka Producer Works KafkaTemplate is the central Spring Kafka class for sending messages. It wraps the native Kafka KafkaProducer, manages serialization, and provides a Spring-friendly API for sending records. flowchart LR App["Your Service\n(OrderService)"] KT["KafkaTemplate\n(Spring Kafka)"] Buffer["Producer Buffer\n(RecordAccumulator)"] Sender["Sender Thread\n(NetworkClient)"] Broker["Kafka Broker\n(Leader Partition)"] App -->|"send(topic, key, value)"| KT KT -->|serialize + route| Buffer Buffer -->|batch when full\nor linger.ms elapsed| Sender Sender -->|ProduceRequest| Broker Broker -->|ProduceResponse| Sender Sender -->|callback| App The send is asynchronous by default — KafkaTemplate.https://blog.devops-monk.com/tutorials/spring-kafka/kafka-streams/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/kafka-streams/Kafka Streams vs @KafkaListener @KafkaListener is a consumer — it reads records and processes them one by one or in batches. Kafka Streams is a stream processing library — it builds a topology of transformations that runs continuously, with built-in state stores, windowed aggregations, and join operations. Aspect @KafkaListener Kafka Streams Processing model Consume and process Topology of operators Stateful processing Manual (external DB) Built-in state stores (RocksDB) Windowed aggregations Manual Native (time, session, hopping) Joins Manual KStream-KTable, KStream-KStream Fault tolerance Committed offsets Changelog topics + offsets Use when Imperative event handling Stream transformations and aggregations Maven Dependency &lt;dependency&gt; &lt;groupId&gt;org.https://blog.devops-monk.com/tutorials/spring-kafka/transactions-eos/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/transactions-eos/Why Transactions? At-least-once delivery means a record can be processed and produced more than once after a crash. For most applications, idempotent consumers handle this. But when you need a hard guarantee — either the produce happens and the offset commits, or neither does — you need Kafka transactions. Common scenarios: Consume → transform → produce (read from one topic, write to another) where partial completion is unacceptable Exactly-once aggregations in financial or billing systems Atomic multi-topic produce where records to multiple topics must all land or none land How Kafka Transactions Work sequenceDiagram participant Producer participant Broker participant Consumer Producer->>Broker: initTransactions() [registers transactional.https://blog.devops-monk.com/tutorials/spring-kafka/kafka-admin/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/kafka-admin/Why Manage Topics Programmatically? CLI commands work for one-time setup. Production services need: Startup validation — verify required topics exist before the application starts Auto-provisioning — create topics at deployment time with correct config Dynamic tenant onboarding — create per-tenant topics at runtime Config drift detection — compare actual topic config against expected values Spring Kafka provides KafkaAdmin for declarative topic management and AdminClient for imperative operations. KafkaAdmin — Declarative Topic Creation Declare NewTopic beans — Spring Kafka creates them at startup if they don&rsquo;t exist:https://blog.devops-monk.com/tutorials/spring-security/ldap-authentication/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/ldap-authentication/LDAP in the Enterprise LDAP (Lightweight Directory Access Protocol) is the standard protocol for directory services. Microsoft Active Directory, OpenLDAP, and many other enterprise identity providers use LDAP. If your application must authenticate users from a corporate directory, LDAP integration is the path. sequenceDiagram participant Client participant SpringSecurity as Spring Security participant LDAP as LDAP / Active Directory Client->>SpringSecurity: POST /login {username, password} SpringSecurity->>LDAP: Bind as service account (manager DN) LDAP-->>SpringSecurity: Bind success SpringSecurity->>LDAP: Search for user:\n(uid=alice,ou=users,dc=example,dc=com) LDAP-->>SpringSecurity: User DN found SpringSecurity->>LDAP: Bind as user (verify password) LDAP-->>SpringSecurity: Bind success = password correct SpringSecurity->>LDAP: Search groups for user LDAP-->>SpringSecurity: Groups: [cn=developers, cn=devops] SpringSecurity->>SpringSecurity: Map groups to roles SpringSecurity-->>Client: Authentication success (ROLE_DEVELOPER, ROLE_DEVOPS) Dependencies &lt;!https://blog.devops-monk.com/tutorials/spring-data-jpa/many-to-many-relationships/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/many-to-many-relationships/Introduction A many-to-many relationship means records in table A can relate to many records in table B, and vice versa. Products have many tags; tags apply to many products. In SQL this requires a join table. In JPA, @ManyToMany and @JoinTable handle this automatically — but when you need extra data on the join (like a creation date or a relevance score), you need a different approach. Simple @ManyToMany: Product and Tag products (*) ──── product_tags ──── (*) tags The product_tags join table has two columns: product_id and tag_id.https://blog.devops-monk.com/tutorials/spring-kafka/message-headers/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/message-headers/What Are Kafka Record Headers? Every Kafka record carries a list of Header objects — key-value pairs of String key and byte[] value. They sit outside the message payload and are ideal for: Trace propagation — carry X-Trace-Id / X-Span-Id across service boundaries Correlation IDs — link a response to a request in async flows Routing metadata — signal which region, tenant, or feature flag applies Schema type hints — __TypeId__ (set automatically by JsonSerializer) Event versioning — indicate schema version without modifying the payload flowchart LR subgraph Record["https://blog.devops-monk.com/tutorials/spring-security/method-security/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/method-security/Why Method Security Exists URL-based authorization in authorizeHttpRequests() protects HTTP endpoints, but it has blind spots: The same service method may be called from multiple controllers, scheduled tasks, or message listeners — none of which pass through the HTTP filter chain Fine-grained rules based on method arguments or return values cannot be expressed as URL patterns Authorization logic spread across a large security config is hard to read alongside the code it protects Method security moves the authorization decision to the method itself.https://blog.devops-monk.com/tutorials/spring-kafka/monitoring/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/monitoring/What to Monitor in Kafka Production Kafka applications need visibility into: Consumer lag — how many records are unprocessed per partition Throughput — records produced and consumed per second Error rates — listener exceptions, DLT records, retry counts Producer latency — time from send() to broker acknowledgment Rebalance frequency — high rebalance rate signals consumer instability Dependencies &lt;!-- Micrometer Prometheus registry --&gt; &lt;dependency&gt; &lt;groupId&gt;io.micrometer&lt;/groupId&gt; &lt;artifactId&gt;micrometer-registry-prometheus&lt;/artifactId&gt; &lt;/dependency&gt; &lt;!-- Spring Boot Actuator --&gt; &lt;dependency&gt; &lt;groupId&gt;org.https://blog.devops-monk.com/tutorials/spring-security/multi-factor-authentication/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/multi-factor-authentication/Why MFA Matters A password alone is a single point of failure. Phishing, credential stuffing, and password reuse mean that knowing a password is not proof of identity. Multi-factor authentication requires something the user knows (password) and something they have (phone, hardware key) — compromising one factor is no longer sufficient. TOTP: Time-Based One-Time Passwords TOTP (RFC 6238) generates a 6-digit code that changes every 30 seconds, derived from a shared secret and the current time.https://blog.devops-monk.com/tutorials/spring-batch/multi-threaded-steps/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/multi-threaded-steps/Introduction A single-threaded Spring Batch step processes one chunk at a time — read N items, process N items, write N items, repeat. For large data sets this is a bottleneck. Spring Batch offers two in-JVM scaling options: Approach How it works Use when Multi-threaded step Multiple threads each process independent chunks Reader is thread-safe (JdbcPagingItemReader) AsyncItemProcessor Processing runs concurrently; writes remain sequential I/O-bound processors (REST calls, slow enrichment) This article covers both, plus the thread-safety requirements you must meet.https://blog.devops-monk.com/tutorials/spring-kafka/non-blocking-retries/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/non-blocking-retries/The Blocking Retry Problem DefaultErrorHandler retries by seeking back to the failed offset. While retrying, no other records from that partition are consumed — the partition is blocked. For a topic with high throughput, one slow retry can cause significant consumer lag. flowchart TD subgraph Blocking["Blocking Retry (DefaultErrorHandler)"] B1["poll() → [r50, r51, r52, r53]"] B2["process r50 ✓"] B3["process r51 ✗ — retry"] B4["wait 10s... retry r51 ✗"] B5["wait 20s... retry r51 ✗"https://blog.devops-monk.com/tutorials/spring-security/oauth2-fundamentals/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/oauth2-fundamentals/OAuth2 in One Sentence OAuth2 lets a user grant a third-party application limited access to their account on another service — without giving the third party their password. Classic example: &ldquo;Sign in with Google.&rdquo; Your app never sees the user&rsquo;s Google password. Google verifies the user&rsquo;s identity and gives your app a token with limited permissions. The Four OAuth2 Roles flowchart TD RO["**Resource Owner**\nThe user who owns the data\n(e.g. Alice, the Google account owner)"https://blog.devops-monk.com/tutorials/spring-security/oauth2-login/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/oauth2-login/What OAuth2 Login Does OAuth2LoginConfigurer implements the Authorization Code flow for user authentication. When a user clicks &ldquo;Sign in with Google&rdquo;: Spring redirects to Google&rsquo;s /authorize endpoint User authenticates on Google and grants consent Google redirects back to your app with a code Spring exchanges the code for tokens (back channel) Spring fetches the user profile from /userinfo Spring creates an OAuth2User and stores it in the SecurityContext Dependencies &lt;dependency&gt; &lt;groupId&gt;org.https://blog.devops-monk.com/tutorials/spring-security/oauth2-resource-server/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/oauth2-resource-server/What Is a Resource Server? In OAuth2, a Resource Server is an API that accepts access tokens and returns protected resources. It doesn&rsquo;t issue tokens — that&rsquo;s the Authorization Server&rsquo;s job. The Resource Server just validates tokens and enforces access control. flowchart LR Client[API Client\nor SPA/Mobile] -->|"1. POST /token\n{client_id, secret}"| AS[Authorization Server\nGoogle / Okta / Custom] AS -->|"2. access_token"| Client Client -->|"3. GET /api/products\nAuthorization: Bearer {token}"| RS[Your Spring Boot API\nResource Server] RS -->|"https://blog.devops-monk.com/tutorials/spring-kafka/offset-management/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/offset-management/Why Offset Management Matters The committed offset determines what happens when a consumer restarts. If the offset is committed too early, a crash before processing completes means events are lost. If it is committed too late, a crash after processing but before committing means events are re-processed. flowchart TD subgraph TooEarly["Commit too early → Data Loss"] E1["Commit offset 43"] --> E2["Process record 42"] --> E3["Crash!"] E4["Restart: resume from 43"] --> E5["https://blog.devops-monk.com/tutorials/spring-data-jpa/one-to-many-many-to-one/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/one-to-many-many-to-one/Introduction The one-to-many relationship is the most common in any domain model. An Order has many OrderItems. A Category has many Products. A Customer has many Orders. Understanding @OneToMany and @ManyToOne well — especially bidirectional mapping, collection types, and cascade configuration — is foundational to any JPA application. The Domain Example orders (1) ──────────────── (*) order_items An order has many order items. Each order item belongs to exactly one order.https://blog.devops-monk.com/tutorials/spring-data-jpa/one-to-one-relationships/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/one-to-one-relationships/Introduction A one-to-one relationship means one record in table A corresponds to exactly one record in table B. In JPA this is modelled with @OneToOne. Understanding where the foreign key lives, which side &ldquo;owns&rdquo; the relationship, and how cascade operations work is essential before moving to the more complex @OneToMany and @ManyToMany. The Domain Example In the e-commerce system, a Customer has one CustomerProfile containing their preferences and biography. A profile belongs to exactly one customer.https://blog.devops-monk.com/tutorials/spring-data-jpa/optimistic-pessimistic-locking/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/optimistic-pessimistic-locking/The Lost Update Problem Two users edit the same product simultaneously: Time User A User B T1 Load product (price=999) Load product (price=999) T2 Change price to 899 T3 Change price to 799 T4 Save → UPDATE price=899 T5 Save → UPDATE price=799 User A&rsquo;s change is silently overwritten. This is the lost update problem. Both JPA locking strategies prevent it — in different ways. Optimistic Locking with @Version Optimistic locking assumes conflicts are rare.https://blog.devops-monk.com/tutorials/spring-data-jpa/pagination-sorting/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/pagination-sorting/Why Pagination Matters Returning all rows from a database table is one of the most common production incidents. A query that works in development with 100 rows silently becomes a 10-second, 2 GB memory spike when production has 2 million rows. Pagination limits how many rows travel from the database to the application at a time. Spring Data JPA makes pagination a first-class feature — pass a Pageable to any repository method and get a Page&lt;T&gt; back.https://blog.devops-monk.com/tutorials/spring-batch/partitioning/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/partitioning/Introduction Multi-threaded steps (Article 20) run multiple chunks concurrently from a single reader. Partitioning is different — it splits the data into independent slices before processing starts, then runs each slice as its own StepExecution with its own reader, processor, writer, and metadata. This gives you: True independence between partitions — one partition&rsquo;s failure doesn&rsquo;t affect others A separate StepExecution row per partition in BATCH_STEP_EXECUTION — full visibility into per-partition progress The ability to distribute partitions across multiple JVMs (remote partitioning, covered in Article 22) Partitioning Architecture ManagerStep (PartitionStep) │ ├── Partitioner → creates N ExecutionContexts (one per partition) ├── PartitionHandler → distributes partitions to workers │ └── Worker Steps (run per partition) ├── ItemReader → reads only its slice of data ├── ItemProcessor └── ItemWriter The manager step runs once: it calls Partitioner.https://blog.devops-monk.com/tutorials/spring-security/password-encoding/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/password-encoding/Why Passwords Must Be Hashed Storing plaintext passwords is a critical security failure. When a database is breached, attackers immediately have every user&rsquo;s password — and because people reuse passwords, those credentials work on other sites too. Password hashing is not encryption. Encryption is reversible. Hashing is one-way: you can verify a password by hashing it and comparing to the stored hash, but you cannot recover the original password from the hash.https://blog.devops-monk.com/tutorials/spring-security/password-management/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/password-management/Secure Registration Registration is where passwords enter your system. Get it wrong here and no amount of downstream security saves you. The Registration Flow User submits form → Validate password strength → Check username/email uniqueness → Encode password with PasswordEncoder → Persist user (disabled) → Send verification email → User clicks link → enable account Registration Endpoint @RestController @RequestMapping(&#34;/auth&#34;) public class RegistrationController { private final UserService userService; private final PasswordEncoder passwordEncoder; @PostMapping(&#34;/register&#34;) public ResponseEntity&lt;Void&gt; register(@Valid @RequestBody RegistrationRequest request) { userService.https://blog.devops-monk.com/tutorials/spring-kafka/listener-lifecycle/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/listener-lifecycle/Why Control Container Lifecycle? A running listener consumes from Kafka continuously. In production you need to: Pause consumption when a downstream service is overloaded (back-pressure) Resume once the downstream recovers Stop a container entirely during maintenance or feature flag toggles Restart after a configuration change without redeploying Spring Kafka exposes all of this through KafkaListenerEndpointRegistry and the container&rsquo;s own lifecycle API. Container States stateDiagram-v2 [*] --> Running : start() Running --> Paused : pause() Paused --> Running : resume() Running --> Stopped : stop() Stopped --> Running : start() Paused --> Stopped : stop() Running — polling Kafka, dispatching to listener Paused — broker connection maintained, consumer heartbeat sent, no new records fetched Stopped — consumer thread terminated, partitions released back to group Paused is preferable to stopped for temporary throttling: it avoids a rebalance and keeps the consumer&rsquo;s partition assignment intact.https://blog.devops-monk.com/tutorials/spring-batch/performance-tuning/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/performance-tuning/Introduction A poorly tuned batch job can be 10–100x slower than a well-tuned one. The biggest gains come from a handful of settings — chunk size, MySQL JDBC rewrite, connection pool alignment, and avoiding unnecessary object creation. This article covers each systematically. Chunk Size — The Most Impactful Setting Chunk size determines how many items are processed per transaction. Too small = too many round trips to the database. Too large = long transactions, high memory pressure, slower rollback on failure.https://blog.devops-monk.com/tutorials/spring-data-jpa/primary-keys-generated-values/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/primary-keys-generated-values/Introduction Primary key choice affects performance, scalability, and application design. This article covers every strategy JPA supports — from the simple AUTO_INCREMENT to UUID and composite keys — with the trade-offs of each. IDENTITY Strategy (MySQL AUTO_INCREMENT) GenerationType.IDENTITY delegates key generation to the database column&rsquo;s auto-increment feature. This is the standard for MySQL. @Id @GeneratedValue(strategy = GenerationType.IDENTITY) private Long id; Generated DDL (when ddl-auto=create): id BIGINT NOT NULL AUTO_INCREMENT How IDENTITY works with Hibernate IDENTITY has one important behaviour: Hibernate cannot batch INSERT statements when using IDENTITY.https://blog.devops-monk.com/tutorials/spring-kafka/producer-bean-configuration/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/producer-bean-configuration/Why @Bean Configuration? application.properties is convenient for a single producer, but insufficient when you need: Multiple producers with different serializers (e.g. one for JSON events, one for Avro) Different settings per environment built at runtime (not just property substitution) Producers sending to different clusters (e.g. primary + DR cluster) Programmatic validation of configuration at startup flowchart TB subgraph PropertiesApproach["application.properties Approach"] P1["Single producer config\nspring.kafka.producer.*\n✓ Simple\n✗ One producer only\n✗ No runtime logic"] end subgraph BeanApproach["https://blog.devops-monk.com/tutorials/spring-kafka/producer-acknowledgments/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/producer-acknowledgments/What Are Acknowledgments? When a producer sends a record to a Kafka broker, it can wait for confirmation that the write was received and replicated before considering the send &ldquo;complete.&rdquo; The acks setting controls how much confirmation the producer requires. flowchart LR Producer["Producer"] Leader["Partition Leader\n(Broker 1)"] F1["Follower\n(Broker 2)"] F2["Follower\n(Broker 3)"] Producer -->|"ProduceRequest"| Leader Leader -->|"replicate"| F1 Leader -->|"replicate"| F2 Leader -->|"ProduceResponse ✓"| Producer style Producer fill:#3b82f6,color:#fff style Leader fill:#10b981,color:#fff The acknowledgment is the broker&rsquo;s confirmation to the producer.https://blog.devops-monk.com/tutorials/spring-kafka/producer-retries/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/producer-retries/Why Producers Need Retries Network errors, leader elections, and broker restarts are normal events in a distributed system. Without retries, a transient broker hiccup causes permanent data loss from the producer&rsquo;s perspective. With retries, the producer automatically re-sends failed records until either the broker accepts them or a timeout deadline is reached. sequenceDiagram participant Producer participant Leader as Leader (Broker 1) participant NewLeader as New Leader (Broker 2) Producer->>Leader: ProduceRequest (offset 42) Note over Leader: Broker 1 crashes mid-write Leader--xProducer: No response (timeout) Note over Producer: retry.https://blog.devops-monk.com/tutorials/spring-data-jpa/projections-dtos/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/projections-dtos/The Over-Fetching Problem By default, findAll() loads every column for every entity. A Product entity with 20 fields loads all 20 columns — even when a dropdown menu only needs id and name. This wastes bandwidth, memory, and query time. Projections let you define what shape the result should take, and Spring Data JPA generates a query that fetches only those columns. Interface Projections The simplest projection: declare an interface with getter methods matching entity field names.https://blog.devops-monk.com/tutorials/spring-security/reactive-security-webflux/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/reactive-security-webflux/Reactive vs. Servlet Security Spring Security&rsquo;s standard configuration targets Servlet-based applications (Spring MVC). Reactive applications built with Spring WebFlux run on a non-blocking event loop — there is no thread-per-request model, so ThreadLocal-based SecurityContextHolder does not work. Spring Security provides a parallel reactive stack: Servlet Reactive SecurityFilterChain SecurityWebFilterChain HttpSecurity ServerHttpSecurity SecurityContextHolder ReactiveSecurityContextHolder UserDetailsService ReactiveUserDetailsService AuthenticationManager ReactiveAuthenticationManager @EnableWebSecurity @EnableWebFluxSecurity @EnableMethodSecurity @EnableReactiveMethodSecurity Dependencies &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-webflux&lt;/artifactId&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-security&lt;/artifactId&gt; &lt;/dependency&gt; Spring Security auto-configures reactive security when WebFlux is on the classpath.https://blog.devops-monk.com/tutorials/spring-security/refresh-tokens/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/refresh-tokens/Why Refresh Tokens? Short-lived access tokens (15–60 minutes) limit the damage if a token is stolen — it expires quickly. But forcing users to log in every hour is terrible UX. Refresh tokens solve this: a long-lived token (7–30 days) stored securely lets the client silently obtain a new access token when the old one expires. The user stays logged in indefinitely without re-entering credentials. sequenceDiagram participant Client participant AuthServer as Auth Endpoint participant API as Protected API Client->>AuthServer: POST /api/auth/login AuthServer-->>Client: {accessToken: exp 15min, refreshToken: exp 7d} Note over Client,API: Normal API usage (15 min) Client->>API: GET /api/data\nAuthorization: Bearer {accessToken} API-->>Client: 200 OK Note over Client,API: Access token expires Client->>API: GET /api/data\nAuthorization: Bearer {expiredToken} API-->>Client: 401 Unauthorized Note over Client,API: Silent token refresh Client->>AuthServer: POST /api/auth/refresh\n{refreshToken} AuthServer-->>Client: {newAccessToken, newRefreshToken} Client->>API: GET /api/data\nAuthorization: Bearer {newAccessToken} API-->>Client: 200 OK Token Rotation: Every Refresh Issues a New Refresh Token Token rotation is the critical security mechanism: every time a refresh token is used, the server issues a new refresh token and invalidates the old one.https://blog.devops-monk.com/tutorials/spring-batch/remote-partitioning-kafka/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/remote-partitioning-kafka/Introduction Local partitioning (Article 21) runs all workers on one JVM. When a single machine is the bottleneck — CPU, memory, or network bandwidth — you need workers on separate machines. Spring Batch Integration provides two patterns for this: Pattern What distributes Coordinator controls Workers do Remote Partitioning Partition descriptors (small messages) Data splitting, aggregation Full read-process-write per partition Remote Chunking Actual items (larger messages) Reading Processing + writing only Remote partitioning is the more common choice — workers read directly from the database/file, so only small partition metadata crosses the network.https://blog.devops-monk.com/tutorials/spring-data-jpa/repository-interfaces/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/repository-interfaces/Introduction Spring Data JPA&rsquo;s repository abstraction eliminates the DAO boilerplate that every Java application used to require. You declare an interface, extend one of the repository base interfaces, and Spring generates a complete implementation at startup — find, save, delete, count, and more — with zero code written. The Repository Hierarchy Repository&lt;T, ID&gt; ← Marker interface — no methods │ └── CrudRepository&lt;T, ID&gt; ← Basic CRUD: save, find, delete, count │ └── PagingAndSortingRepository&lt;T, ID&gt; ← + findAll(Pageable), findAll(Sort) │ └── JpaRepository&lt;T, ID&gt; ← + flush, saveAndFlush, deleteInBatch Each interface adds more operations.https://blog.devops-monk.com/tutorials/spring-kafka/request-reply/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/request-reply/When Kafka Needs to Be Synchronous Kafka is designed for asynchronous event streaming. But some flows genuinely need a response: a payment validation service that must confirm before the order proceeds, or a pricing engine that must return the current price before checkout completes. ReplyingKafkaTemplate gives you a blocking send-and-receive call over Kafka without leaving the Kafka ecosystem. How Request-Reply Works sequenceDiagram participant Requester as "Order Service\n(ReplyingKafkaTemplate)" participant Broker participant Replier as "https://blog.devops-monk.com/tutorials/spring-kafka/retryable-exceptions/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/retryable-exceptions/Transient vs Permanent Failures Not every exception is worth retrying. Retrying a NullPointerException or a schema validation error wastes time and delays other records. Retrying a database timeout or a downstream HTTP 503 is exactly right — the error is temporary and will likely resolve. flowchart TD Ex["Exception in listener"] Q{"Transient?\n(DB timeout, HTTP 503,\nnetwork blip)"} Q -->|Yes| Retry["Retry with BackOff"] Q -->|No| Skip["Call recoverer immediately\n(no retries wasted)"] Retry -->|"still failing after\nmax retries"https://blog.devops-monk.com/tutorials/spring-security/role-based-access-control/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/role-based-access-control/Roles vs. Authorities: The Distinction That Matters Spring Security uses one interface for both roles and authorities: GrantedAuthority. Both are just strings. The difference is convention. Authority: a fine-grained permission string — user:read, report:export, order:cancel Role: a coarse-grained label that groups authorities — ROLE_ADMIN, ROLE_MANAGER, ROLE_USER The ROLE_ prefix is the only mechanical difference. When you call hasRole(&quot;ADMIN&quot;), Spring Security prepends ROLE_ automatically and checks for ROLE_ADMIN. When you call hasAuthority(&quot;ROLE_ADMIN&quot;) you must include the prefix yourself.https://blog.devops-monk.com/tutorials/spring-batch/scheduling-batch-jobs/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/scheduling-batch-jobs/Introduction A batch job that only runs manually is barely useful. Production jobs run on a schedule — nightly, hourly, after a file arrives. Spring Boot provides three scheduling options: Option Persistence Clustered Use when @Scheduled No No Simple cron on a single node Quartz Scheduler Yes (DB) Yes HA scheduling, persistent triggers External scheduler (Kubernetes CronJob, Airflow) Varies Yes Complex pipelines, dependency management @Scheduled — Simple Cron Trigger The simplest approach: annotate a method with @Scheduled and run the job from it.https://blog.devops-monk.com/tutorials/spring-data-jpa/second-level-cache/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/second-level-cache/Cache Layers in Hibernate Hibernate has two cache levels: Level Scope Lifetime Shared? First-level cache One Session (one transaction) Transaction No — per session Second-level cache SessionFactory Application lifetime Yes — across sessions The first-level cache (Article 24) prevents repeated reads within one transaction. The second-level cache prevents repeated reads across transactions — once an entity is loaded, it stays in the shared cache until evicted. When to Use the Second-Level Cache Good candidates:https://blog.devops-monk.com/tutorials/spring-security/security-headers/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/security-headers/Why Security Headers Matter Security headers tell browsers how to behave when handling your content. They stop entire classes of attacks — XSS, clickjacking, protocol downgrade, information leakage — with a few lines of configuration. They cost nothing at runtime and are one of the highest-value-per-effort security improvements available. Spring Security&rsquo;s Default Headers Spring Security adds a set of secure headers by default. You do not need any explicit configuration to get them:https://blog.devops-monk.com/tutorials/spring-security/security-context-authentication/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/security-context-authentication/The SecurityContext Is the Source of Truth Every security decision in Spring Security ultimately comes down to one question: &ldquo;What Authentication object is stored in the SecurityContext?&rdquo; Does the user have ROLE_ADMIN? → check Authentication.getAuthorities() What is the user&rsquo;s ID? → cast Authentication.getPrincipal() to UserDetails Is the user logged in at all? → check Authentication.isAuthenticated() Understanding the SecurityContext and Authentication is not optional — it underlies everything. The Object Hierarchy classDiagram class SecurityContextHolder { -strategy: SecurityContextHolderStrategy +getContext() SecurityContext +setContext(SecurityContext context) +clearContext() +getContextHolderStrategy() SecurityContextHolderStrategy } class SecurityContext { <> +getAuthentication() Authentication +setAuthentication(Authentication authentication) } class Authentication { <> +getPrincipal() Object +getCredentials() Object +getAuthorities() Collection~GrantedAuthority~ +getDetails() Object +isAuthenticated() boolean +getName() String } class UsernamePasswordAuthenticationToken { +UsernamePasswordAuthenticationToken(principal, credentials) +UsernamePasswordAuthenticationToken(principal, credentials, authorities) } class GrantedAuthority { <> +getAuthority() String } class SimpleGrantedAuthority { -role: String +getAuthority() String } SecurityContextHolder --> SecurityContext SecurityContext --> Authentication Authentication <|.https://blog.devops-monk.com/tutorials/spring-security/security-filter-chain-config/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/security-filter-chain-config/The Modern Configuration Model Spring Security 6.x dropped WebSecurityConfigurerAdapter. The new model uses a SecurityFilterChain @Bean directly. This is not just a syntax change — it&rsquo;s a fundamentally cleaner design: Old approach New approach Extend WebSecurityConfigurerAdapter @Bean SecurityFilterChain method Override configure(HttpSecurity) Accept HttpSecurity parameter Chain with .and() Lambda DSL — each concern is a separate block One class per application Multiple beans, one per URL namespace Implicit global AuthenticationManager Explicit AuthenticationManager bean // OLD — don&#39;t do this @Configuration public class OldSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.https://blog.devops-monk.com/tutorials/spring-kafka/seeking-offsets/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/seeking-offsets/Why Seek Instead of Reset? Offset management (auto-commit vs manual acknowledgment) controls when offsets advance during normal processing. Seeking is different: it lets you reposition the consumer to any offset — past or future — programmatically, without touching the committed offset in __consumer_offsets. Common scenarios: Replay from the beginning — reprocess all historical events after a bug fix Resume from a known-good offset — skip a poison pill that&rsquo;s blocking the consumer Time-based replay — reprocess everything since yesterday 09:00 Startup positioning — always start from the end, ignoring backlog on first launch How Kafka Seeking Works flowchart LR subgraph Broker["https://blog.devops-monk.com/tutorials/spring-kafka/producer-keys-headers-partitioning/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/producer-keys-headers-partitioning/Why Partitioning Strategy Matters How you route messages to partitions determines: Ordering: only messages in the same partition are ordered relative to each other Parallelism: how evenly work is distributed across consumers Hot spots: if one key generates 90% of traffic, one partition (and one consumer) gets 90% of the load flowchart TD subgraph Routing["Message Routing Decision"] Msg["Message"] HasKey{Has key?} HasPartition{Explicit partition?} KeyHash["hash(key) % numPartitions\n→ deterministic, same partition always"] RoundRobin["Sticky partitioning\n(batch to same partition,\nthen round-robin)"https://blog.devops-monk.com/tutorials/spring-security/session-management/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/session-management/How Spring Security Uses Sessions For form login and traditional web applications, Spring Security stores the Authentication object in the HTTP session. On every request, SecurityContextPersistenceFilter (Spring Security 5) or SecurityContextHolderFilter (Spring Security 6) loads the SecurityContext from the session and puts it in the SecurityContextHolder. For stateless APIs using JWT or OAuth2 Bearer tokens, no session is created — the token is verified on every request. Session Creation Policy Control when Spring Security creates sessions:https://blog.devops-monk.com/tutorials/spring-data-jpa/setup-spring-boot-spring-data-jpa/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/setup-spring-boot-spring-data-jpa/Introduction This article builds the project foundation used throughout the entire series. By the end, you will have a running Spring Boot 3.3 application connected to MySQL 8.x with Hibernate 6, a proper connection pool, schema management via Flyway, and SQL logging configured so you can see exactly what Hibernate sends to the database. Project Setup Maven pom.xml &lt;?xml version=&#34;1.0&#34; encoding=&#34;UTF-8&#34;?&gt; &lt;project xmlns=&#34;http://maven.apache.org/POM/4.0.0&#34; xmlns:xsi=&#34;http://www.w3.org/2001/XMLSchema-instance&#34; xsi:schemaLocation=&#34;http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd&#34;&gt; &lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt; &lt;parent&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-parent&lt;/artifactId&gt; &lt;version&gt;3.https://blog.devops-monk.com/tutorials/spring-data-jpa/specifications-criteria-api/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/specifications-criteria-api/Why Specifications Derived query methods and @Query annotations work for fixed queries. But what happens when the user can filter by any combination of 10 fields — some optional, some not? // Wrong approach — combinatorial explosion List&lt;Product&gt; findByName(String name); List&lt;Product&gt; findByNameAndPrice(String name, BigDecimal price); List&lt;Product&gt; findByNameAndPriceAndCategory(...); // ... you&#39;d need 2^10 = 1024 methods The Specification pattern solves this. Each filter condition is a reusable Specification&lt;T&gt; object. You compose them with and(), or(), and not() at runtime, and Spring Data JPA generates the correct query.https://blog.devops-monk.com/tutorials/spring-security/spring-authorization-server/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/spring-authorization-server/What Is Spring Authorization Server? Spring Authorization Server (SAS) is an official Spring project that implements OAuth 2.1 and OpenID Connect 1.0 as a Spring Boot application. It provides a complete authorization server you can host yourself — issuing tokens for your own clients and APIs. Use it when: You want SSO across your own microservices You cannot use a hosted provider (Okta, Auth0) due to compliance or cost You need complete control over token format and claims You&rsquo;re building a platform where other apps authenticate against your identity service Architecture flowchart TD SPA[SPA / Mobile App\nOAuth2 Client] -->|Authorization Code + PKCE| SAS Service[Backend Service\nClient Credentials| SAS] SAS[Spring Authorization Server\nIssues tokens] RS1[Your REST API\nResource Server] -->|Validates JWT| SAS RS2[Another API\nResource Server] -->|Validates JWT| SAS SAS -->|Signs tokens with| PK[Private Key\nJWK Set at /.https://blog.devops-monk.com/tutorials/spring-kafka/production-best-practices/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/production-best-practices/Before You Ship This is the checklist distilled from everything in this series. Work through it before your first production deployment. Each item links to the article where it&rsquo;s covered in depth. Producer Checklist Durability # Never lose data on leader failure spring.kafka.producer.acks=all # At least 2 brokers must acknowledge every write spring.kafka.producer.properties.min.insync.replicas=2 # Enables exactly-once message delivery (required for transactions) spring.kafka.producer.properties.enable.idempotence=true Do: Set acks=all and min.insync.replicas=2 for any topic that carries business data.https://blog.devops-monk.com/tutorials/spring-security/spring-security-best-practices/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/spring-security-best-practices/Using This Reference This is the final article in the Spring Security series. It is a consolidated reference — not a tutorial. Come back to this checklist before every launch and when reviewing a new codebase. Each item links back to the relevant article in the series. 1. Keep Spring Security Updated Security vulnerabilities in Spring Security itself are rare but severe when they occur. A dependency that is one minor version behind can expose known CVEs.https://blog.devops-monk.com/tutorials/spring-kafka/testing-kafka/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/testing-kafka/Two Testing Strategies Strategy Speed Fidelity Use when @EmbeddedKafka Fast (~2s startup) In-process broker, not 100% identical Unit/integration tests — CI fast path KafkaContainer (Testcontainers) Slower (~10s startup) Real Kafka broker in Docker Acceptance tests, DLT/transaction validation Use both: @EmbeddedKafka for the bulk of tests, KafkaContainer for the smoke suite that validates real-broker behaviour. Test Dependencies &lt;dependency&gt; &lt;groupId&gt;org.springframework.kafka&lt;/groupId&gt; &lt;artifactId&gt;spring-kafka-test&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.testcontainers&lt;/groupId&gt; &lt;artifactId&gt;kafka&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.awaitility&lt;/groupId&gt; &lt;artifactId&gt;awaitility&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; @EmbeddedKafka — Fast Integration Tests Testing a Producer @SpringBootTest @EmbeddedKafka( partitions = 1, topics = {&#34;orders&#34;}, brokerProperties = {&#34;log.https://blog.devops-monk.com/tutorials/spring-data-jpa/testing-spring-data-jpa/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/testing-spring-data-jpa/Why Test JPA Code? Unit tests with mocked repositories verify your service logic but nothing about the database. They won&rsquo;t catch: Wrong column mapping Constraint violations N+1 queries introduced by a new lazy association Transactions that silently don&rsquo;t roll back Queries that fail on the real database but pass on H2 Testing against a real database — or at minimum a database-compatible in-memory store — is necessary. Spring Boot&rsquo;s @DataJpaTest and Testcontainers make this practical.https://blog.devops-monk.com/tutorials/spring-security/testing-spring-security/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/testing-spring-security/Why Security Tests Are Non-Negotiable A security configuration that is never tested is a security configuration that is probably wrong. URL patterns have subtle ordering rules. Method security annotations are silently ignored if @EnableMethodSecurity is missing. CSRF tokens must be present in the right form. Testing is the only way to know your authorization rules are actually enforced. Test Dependencies &lt;dependency&gt; &lt;groupId&gt;org.springframework.security&lt;/groupId&gt; &lt;artifactId&gt;spring-security-test&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-test&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; @WithMockUser The simplest way to simulate an authenticated user.https://blog.devops-monk.com/tutorials/spring-data-jpa/n-plus-one-problem-solutions/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/n-plus-one-problem-solutions/What Is the N+1 Problem? The N+1 problem occurs when loading a list of N entities triggers N additional queries to load their associations — one query per entity. Example: load 50 orders, then access each order&rsquo;s customer: SELECT * FROM orders; -- 1 query SELECT * FROM customers WHERE id = 1; -- query for order 1&#39;s customer SELECT * FROM customers WHERE id = 2; -- query for order 2&#39;s customer SELECT * FROM customers WHERE id = 3; -- query for order 3&#39;s customer .https://blog.devops-monk.com/tutorials/spring-data-jpa/persistence-context-entity-lifecycle/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/persistence-context-entity-lifecycle/Introduction The persistence context is the single most important concept in JPA. Everything else — lazy loading, dirty checking, transaction scope, detached entity exceptions — only makes sense once you understand what the persistence context is and how it works. Many JPA bugs come from developers not understanding this concept. Understand it well and the rest of JPA becomes predictable. What Is the Persistence Context? The persistence context is an in-memory map of entities managed by the current EntityManager.https://blog.devops-monk.com/tutorials/spring-security/security-filter-chain/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/security-filter-chain/Every Filter Has a Job The Spring Security filter chain is not a monolith — it&rsquo;s 15-20 individual filters, each responsible for exactly one concern. Understanding each filter&rsquo;s job means you can: Know exactly where in the chain a request fails Add your own filter in the right position Remove filters you don&rsquo;t need for performance Debug authentication and authorization problems The Complete Filter Order Spring Security defines a strict ordering for its filters.https://blog.devops-monk.com/tutorials/spring-data-jpa/transaction-boundaries-pitfalls/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-data-jpa/transaction-boundaries-pitfalls/Transaction Boundaries A transaction boundary is the point where a transaction starts and where it ends. In Spring, boundaries are defined by @Transactional on service methods. HTTP Request └── Controller (no transaction) └── @Transactional Service method ← transaction OPENS here ├── Repository call 1 ├── Repository call 2 └── method returns ← transaction COMMITS here Everything inside the @Transactional method runs in the same database transaction. The persistence context (first-level cache) lives for the duration of that transaction.https://blog.devops-monk.com/tutorials/spring-kafka/what-is-apache-kafka/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-kafka/what-is-apache-kafka/The Problem Kafka Solves Imagine an e-commerce platform. A customer places an order. What needs to happen next? Inventory must be reserved Payment must be charged A confirmation email must be sent The warehouse must be notified to pick and pack Analytics must record the sale Fraud detection must evaluate the transaction One request. Six downstream systems. In a traditional REST architecture, the Order Service calls each of those six services directly — synchronously, one after another.https://blog.devops-monk.com/tutorials/spring-security/x509-certificate-authentication/Mon, 04 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-security/x509-certificate-authentication/What Is X.509 Authentication? X.509 authentication (also called mutual TLS or mTLS) uses digital certificates instead of passwords. The client presents a certificate during the TLS handshake. The server verifies the certificate against a trusted Certificate Authority (CA) and extracts the user identity from the certificate&rsquo;s Common Name (CN) or Subject Alternative Name (SAN). sequenceDiagram participant Client as Client (with certificate) participant Server as Spring Boot Server Client->>Server: TLS ClientHello Server->>Client: TLS ServerHello + Server Certificate Server->>Client: CertificateRequest (ask for client cert) Client->>Server: Client Certificate + CertificateVerify Server->>Server: Verify against trusted CA Server->>Server: Extract CN from certificate: "https://blog.devops-monk.com/tutorials/spring-batch/advanced-processors/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/advanced-processors/Introduction Real batch jobs often need more than one transformation step per item. You might validate first, then normalize, then enrich, then convert to the output type. CompositeItemProcessor chains multiple single-responsibility processors together. For I/O-bound enrichment steps, AsyncItemProcessor runs processing concurrently on a thread pool — giving you parallelism without rewriting your step as multi-threaded. CompositeItemProcessor CompositeItemProcessor chains a list of processors. The output of each processor becomes the input to the next.https://blog.devops-monk.com/tutorials/spring-batch/advanced-writers/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/advanced-writers/Introduction The previous article covered the two most common writers: FlatFileItemWriter for files and JdbcBatchItemWriter for database inserts. This article covers advanced scenarios: Persisting JPA entities with JpaItemWriter Writing to multiple destinations simultaneously with CompositeItemWriter Routing items to different writers based on content with ClassifierCompositeItemWriter Building custom writers for REST APIs, message queues, and cloud storage Combining a writer with a post-step cleanup tasklet JpaItemWriter JpaItemWriter calls EntityManager.merge() on each item.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-openapi-springdoc/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-openapi-springdoc/Good API documentation is non-negotiable. Springdoc reads your Spring MVC code and auto-generates interactive OpenAPI 3.1 documentation — no separate doc files to maintain. Setup &lt;dependency&gt; &lt;groupId&gt;org.springdoc&lt;/groupId&gt; &lt;artifactId&gt;springdoc-openapi-starter-webmvc-ui&lt;/artifactId&gt; &lt;version&gt;2.5.0&lt;/version&gt; &lt;/dependency&gt; Start the app and visit: Swagger UI: http://localhost:8080/swagger-ui.html OpenAPI JSON: http://localhost:8080/v3/api-docs OpenAPI YAML: http://localhost:8080/v3/api-docs.yaml Springdoc scans your @RestController classes and generates the spec automatically. Zero configuration needed for basic docs. Configuring the API Info @Configuration public class OpenApiConfig { @Bean public OpenAPI openAPI() { return new OpenAPI() .https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-gateway/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-gateway/The API gateway is the single entry point for all client traffic. It handles routing to downstream services, authentication, rate limiting, and request/response transformation — so individual services don&rsquo;t have to. Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.cloud&lt;/groupId&gt; &lt;artifactId&gt;spring-cloud-starter-gateway&lt;/artifactId&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.cloud&lt;/groupId&gt; &lt;artifactId&gt;spring-cloud-starter-netflix-eureka-client&lt;/artifactId&gt; &lt;/dependency&gt; Spring Cloud Gateway is reactive (WebFlux-based) — don&rsquo;t include spring-boot-starter-web. Route Configuration YAML Configuration spring: application: name: api-gateway cloud: gateway: routes: - id: order-service uri: lb://order-service # lb:// = load-balanced via Eureka predicates: - Path=/api/orders/** filters: - StripPrefix=0 # don&#39;t strip path prefix - AddRequestHeader=X-Gateway-Source, api-gateway - id: customer-service uri: lb://customer-service predicates: - Path=/api/customers/** filters: - StripPrefix=0 - id: payment-service uri: lb://payment-service predicates: - Path=/api/payments/** filters: - StripPrefix=0 # Versioned routing - id: order-service-v2 uri: lb://order-service-v2 predicates: - Path=/api/v2/orders/** - Header=X-API-Version, 2 default-filters: - DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin Programmatic Route Configuration @Configuration public class GatewayRouteConfig { @Bean public RouteLocator routeLocator(RouteLocatorBuilder builder) { return builder.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-api-versioning/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-api-versioning/APIs evolve. Adding fields is safe — removing or changing fields breaks clients. Versioning gives you a path to evolve the API without breaking existing integrations. When You Need Versioning You need a new API version when: Removing a field from a response Changing a field&rsquo;s type or semantics Changing URL structure significantly Breaking backward-incompatible business logic changes You don&rsquo;t need a new version for: Adding new optional fields (non-breaking) Adding new endpoints Bug fixes that don&rsquo;t change the contract Strategy 1: URL Path Versioning The most common and explicit approach:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-configuration-profiles/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-configuration-profiles/Every real application needs different configuration for different environments — a local database for dev, a connection pool for staging, a secret manager for prod. This article covers everything Spring Boot gives you to handle this cleanly. application.properties vs application.yml Spring Boot reads configuration from src/main/resources/application.properties (or .yml) by default. Both formats express the same thing: application.properties: server.port=8080 spring.datasource.url=jdbc:postgresql://localhost:5432/orders spring.datasource.username=app spring.datasource.password=secret spring.jpa.show-sql=false application.yml: server: port: 8080 spring: datasource: url: jdbc:postgresql://localhost:5432/orders username: app password: secret jpa: show-sql: false YAML is generally preferred for nested properties — it&rsquo;s less repetitive.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-async-virtual-threads/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-async-virtual-threads/Not every operation needs to complete before the response returns. Sending an email, generating a report, publishing an event — these can run in the background. Async processing keeps request latency low while the work continues. @Async — Fire and Forget @SpringBootApplication @EnableAsync public class OrderServiceApplication { } @Service @Slf4j public class NotificationService { @Async // runs in a separate thread public void sendOrderConfirmation(Order order) { log.info(&#34;Sending confirmation for order {}&#34;, order.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-bean-validation/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-bean-validation/Every request that enters your API needs validation. Without it, invalid data propagates through your application and produces confusing errors deep in the stack. This article covers how to validate data at the API boundary using Jakarta Bean Validation. Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-validation&lt;/artifactId&gt; &lt;/dependency&gt; This includes Hibernate Validator — the reference implementation of Jakarta Bean Validation 3.0. Built-in Constraints Annotate fields in your DTO with constraint annotations: public record CreateOrderRequest( @NotNull(message = &#34;Customer ID is required&#34;) UUID customerId, @NotEmpty(message = &#34;Order must contain at least one item&#34;) @Size(max = 50, message = &#34;Order cannot have more than {max} items&#34;) List&lt;@Valid OrderItemRequest&gt; items, @Valid ShippingAddressRequest shippingAddress, @Size(max = 20, message = &#34;Promo code cannot exceed {max} characters&#34;) String promoCode ) {} public record OrderItemRequest( @NotNull UUID productId, @Positive(message = &#34;Quantity must be positive&#34;) @Max(value = 999, message = &#34;Cannot order more than {value} units of a product&#34;) int quantity, @NotNull @Positive BigDecimal unitPrice ) {} public record ShippingAddressRequest( @NotBlank(message = &#34;Address line 1 is required&#34;) @Size(max = 100) String line1, @Size(max = 100) String line2, @NotBlank @Size(max = 50) String city, @NotBlank @Pattern(regexp = &#34;[A-Z]{2}&#34;, message = &#34;Country must be a 2-letter ISO code&#34;) String country, @NotBlank @Pattern(regexp = &#34;\\w{3,10}&#34;, message = &#34;Invalid postal code format&#34;) String postalCode ) {} Common Constraint Annotations Annotation Validates @NotNull Value is not null @NotEmpty String/collection not null and not empty @NotBlank String not null, not empty, not just whitespace @Size(min, max) String length or collection size @Min(value) Number ≥ value @Max(value) Number ≤ value @Positive Number &gt; 0 @PositiveOrZero Number ≥ 0 @Negative Number &lt; 0 @Pattern(regexp) String matches regex @Email Valid email format @Past Date is in the past @Future Date is in the future @DecimalMin(value) Decimal ≥ value (as string) @AssertTrue Boolean is true @AssertFalse Boolean is false Triggering Validation with @Valid Add @Valid to the controller parameter to trigger validation:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-spring-modulith/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-spring-modulith/Microservices solve organizational and scalability problems — but they add operational complexity. Most applications don&rsquo;t need that complexity. A modular monolith gives you clean boundaries and loose coupling without the distributed systems overhead. Spring Modulith enforces those boundaries. The Problem with Unstructured Monoliths Without explicit boundaries, every part of the codebase can talk to every other part: // OrderService calling PaymentRepository directly — skipping the Payment module @Service public class OrderService { @Autowired PaymentRepository paymentRepository; // ← wrong @Autowired NotificationService notificationService; // ← wrong @Autowired AnalyticsService analyticsService; // ← wrong } This creates hidden coupling.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-rest-api/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-rest-api/Time to build something real. In this article you&rsquo;ll create a fully functional REST API for the order-service — create, read, update, and delete orders over HTTP. Project Setup Start with these dependencies at start.spring.io: &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-validation&lt;/artifactId&gt; &lt;/dependency&gt; spring-boot-starter-web includes: Embedded Tomcat (no WAR deployment needed) Spring MVC (the web framework) Jackson (JSON serialization) The Request Processing Pipeline Before writing code, understand how Spring MVC handles a request:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-caching/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-caching/Caching sits between your application and the database. A cache hit returns data in microseconds; a database query takes milliseconds. For frequently-read, infrequently-changed data, caching is the highest-leverage performance improvement. Spring Cache Abstraction Spring&rsquo;s cache abstraction lets you add caching with annotations — the backing store (Caffeine, Redis, Hazelcast) is swappable: @Service @RequiredArgsConstructor public class ProductService { private final ProductRepository repository; @Cacheable(&#34;products&#34;) // cache the result public Product findById(UUID id) { return repository.https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-config-server/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-config-server/Managing configuration for 10 services across 3 environments means 30 separate config files. Spring Cloud Config Server centralizes all of them — one place to change a database URL, one place to rotate secrets, and services pick up changes without redeployment. Config Server Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.cloud&lt;/groupId&gt; &lt;artifactId&gt;spring-cloud-config-server&lt;/artifactId&gt; &lt;/dependency&gt; @SpringBootApplication @EnableConfigServer public class ConfigServerApplication { public static void main(String[] args) { SpringApplication.run(ConfigServerApplication.class, args); } } # application.yml — config-server server: port: 8888 spring: application: name: config-server cloud: config: server: git: uri: https://github.https://blog.devops-monk.com/tutorials/spring-batch/chunk-oriented-processing/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/chunk-oriented-processing/The read-process-write loop is at the heart of almost every Spring Batch job. Understanding exactly how it works — where transactions begin and end, what gets rolled back on failure, and how Spring Batch knows where to restart — makes everything else in the framework click into place. This article goes deep on chunk-oriented processing: the execution model, the three interfaces, the counters that track progress, and how to size chunks correctly.https://blog.devops-monk.com/tutorials/spring-batch/job-step-configuration/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/job-step-configuration/Introduction So far every example has had a single step. Real batch jobs usually have multiple steps — validate input, import data, generate a report, send a notification, clean up temp files. Spring Batch&rsquo;s JobBuilder DSL lets you compose these steps into flows with conditional branching, parallel execution, and decision logic. This article covers: Linear multi-step jobs Conditional step transitions using ExitStatus JobExecutionDecider for runtime branching Parallel flows with split Nested jobs with FlowStep The Flow abstraction for reusable step sequences Linear Multi-Step Job The simplest multi-step job runs steps in sequence.https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-crud/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-crud/You have entities and repositories set up. Now let&rsquo;s work through every data operation in depth — create, read, update, delete — and the JPA mechanics behind each. Create: save() @Service @RequiredArgsConstructor @Transactional public class OrderService { private final OrderRepository orderRepository; public Order createOrder(CreateOrderRequest request) { Order order = new Order(); order.setCustomerId(request.customerId()); order.setOrderNumber(generateOrderNumber()); order.setStatus(OrderStatus.PENDING); request.items().forEach(itemReq -&gt; { OrderItem item = new OrderItem(); item.setProductId(itemReq.productId()); item.setQuantity(itemReq.quantity()); item.setUnitPrice(itemReq.unitPrice()); order.addItem(item); // manages bidirectional relationship }); return orderRepository.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-flyway-migrations/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-flyway-migrations/Never use spring.jpa.hibernate.ddl-auto=update in production. It&rsquo;s unpredictable, irreversible, and can corrupt data. Flyway gives you version-controlled, audited, reproducible schema changes. Why Flyway? Every database change runs as a versioned SQL script. Flyway tracks which scripts have run in a flyway_schema_history table. When the app starts: Flyway reads all migration files Checks which have already run (by checking the history table) Runs any new ones, in order If the current state doesn&rsquo;t match the expected state → fails fast Benefits:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-docker/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-docker/Packaging your Spring Boot application as a Docker container is the standard way to deploy it — to Kubernetes, cloud platforms, or any container runtime. This article covers building production-quality images. The Naive Dockerfile (Don&rsquo;t Use This) FROM eclipse-temurin:21-jdk COPY target/order-service.jar app.jar ENTRYPOINT [&#34;java&#34;, &#34;-jar&#34;, &#34;app.jar&#34;] Problems: 600MB+ image (JDK, not JRE) No layer caching — every code change rebuilds the whole JAR layer Runs as root (security risk) No health check Layered JARs (Better Cache Utilization) Spring Boot 3 creates layered JARs by default.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-dto-response/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-dto-response/Every beginner makes the same mistake: returning JPA entities directly from REST controllers. This article explains why that&rsquo;s dangerous, and how to design clean DTOs that make your API stable, secure, and maintainable. Why Not Return Entities Directly? Consider this: @GetMapping(&#34;/{id}&#34;) public Order getOrder(@PathVariable UUID id) { return orderRepository.findById(id).orElseThrow(); // Entity returned directly } Problems with this: 1. Serialization of lazy-loaded relationships crashes @Entity public class Order { @OneToMany(fetch = FetchType.https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-relationships/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-relationships/Relationships are the trickiest part of JPA. A wrong cascade type or a missing mappedBy causes subtle bugs that appear in production. This article covers every relationship type with real examples and the pitfalls to avoid. Relationship Fundamentals JPA relationships can be: Direction: Unidirectional (one side knows about the other) or Bidirectional (both sides know each other) Cardinality: @OneToOne, @OneToMany, @ManyToOne, @ManyToMany Fetch: LAZY (load on access) or EAGER (load immediately) Ownership: The side with the foreign key column is the owner Default fetch types:https://blog.devops-monk.com/2026/05/spring-boot-kafka-transactional-outbox/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-kafka-transactional-outbox/Publishing an event to Kafka after saving to the database looks simple. It has a subtle, dangerous flaw: if the Kafka publish fails after the DB commit, or the app crashes between the two, your event is lost and your data is inconsistent. The Transactional Outbox Pattern solves this by writing the event to the database in the same transaction as the business data, then publishing to Kafka separately. This guide covers the pattern, the implementation, and idempotent consumers.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-configuration-properties/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-configuration-properties/@ConfigurationProperties binds external configuration to a typed Java class — replacing scattered @Value annotations with a single, validated, testable object. Why @ConfigurationProperties Over @Value // @Value — scattered, no type safety, no validation @Service public class PaymentService { @Value(&#34;${payment.gateway.url}&#34;) private String gatewayUrl; @Value(&#34;${payment.gateway.timeout:5000}&#34;) private int timeoutMs; @Value(&#34;${payment.gateway.api-key}&#34;) private String apiKey; @Value(&#34;${payment.gateway.max-retries:3}&#34;) private int maxRetries; } // @ConfigurationProperties — one place, typed, validated @Service public class PaymentService { private final PaymentProperties properties; // all config in one place, injected as a single object } @ConfigurationProperties gives you:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-observability/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-observability/Observability means being able to answer &ldquo;what&rsquo;s wrong and why&rdquo; from the outside — without modifying the code. The three pillars: metrics (what happened), logs (what the code did), and traces (how a request flowed). This article wires them all together. The Stack Spring Boot App ├── Metrics → Micrometer → Prometheus scrape → Grafana dashboards ├── Traces → Micrometer Tracing → OTLP → Tempo → Grafana trace view └── Logs → Logback → Loki4j → Loki → Grafana log explorer All three converge in Grafana — click a metric spike to see the correlated logs and traces for that exact time window.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-exception-handling/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-exception-handling/Without global exception handling, Spring returns raw stack traces or inconsistent error shapes. This article shows how to centralize all error handling in one place and return structured, RFC 7807-compliant responses. The Problem Without Global Handling Default Spring Boot error responses are inconsistent: // Validation failure (MethodArgumentNotValidException) { &#34;timestamp&#34;: &#34;2026-05-03T10:00:00.000+00:00&#34;, &#34;status&#34;: 400, &#34;error&#34;: &#34;Bad Request&#34;, &#34;path&#34;: &#34;/api/orders&#34; } // Details of which fields failed? Not included. // Custom exception not handled // → 500 Internal Server Error with a stack trace in the body (in dev mode) What clients actually need:https://blog.devops-monk.com/2026/05/spring-boot-graalvm-native-images/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-graalvm-native-images/Spring Boot applications running as GraalVM native images start in milliseconds, use a fraction of the memory, and fit in tiny containers. The tradeoff is a longer build time. In 2026, with Spring Boot 4 and GraalVM 24, native images are production-ready for most Spring applications. This guide covers everything: what Spring AOT does, how to build your first native image, how to fix the common issues, and how to add native builds to CI.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-graalvm-native/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-graalvm-native/A regular Spring Boot application takes 2–10 seconds to start. A GraalVM native image of the same application starts in under 100 milliseconds. For serverless functions, batch jobs, and CLI tools, this is the difference between viable and unusable. What Is a Native Image? GraalVM&rsquo;s native image compiler performs ahead-of-time (AOT) compilation. Instead of shipping a JAR that the JVM interprets at runtime, you ship a standalone executable that: Contains only the code your application actually uses Has no JVM startup overhead Uses much less memory (no JIT compiler, no class metadata) Starts in milliseconds The tradeoff: compile time increases from seconds to minutes.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-production-readiness/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-production-readiness/An application that starts and serves traffic is not production-ready. Production readiness means it shuts down cleanly, handles spikes, recovers from transient failures, and gives you visibility into what it&rsquo;s doing. This article covers the operational layer. Graceful Shutdown When Kubernetes terminates a pod, it sends SIGTERM. Without graceful shutdown, in-flight requests are killed mid-execution — users see 500 errors or dropped writes. Enable graceful shutdown: server: shutdown: graceful # wait for in-flight requests to complete spring: lifecycle: timeout-per-shutdown-phase: 30s # max wait before forcing shutdown With this configured, Spring Boot:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-request-handling/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-request-handling/A REST API receives data in many places: URL path, query string, body, headers, cookies. This article covers every way to extract that data in Spring MVC. @PathVariable — Extract from URL Use @PathVariable when the data is part of the URL path: // URL: GET /api/orders/550e8400-e29b-41d4-a716-446655440000 @GetMapping(&#34;/{id}&#34;) public OrderResponse getOrder(@PathVariable UUID id) { return orderService.findById(id) .map(OrderResponse::from) .orElseThrow(() -&gt; new OrderNotFoundException(id)); } Spring automatically converts the string segment to the parameter type (UUID, Long, int, etc.https://blog.devops-monk.com/2026/05/spring-boot-auto-configuration-deep-dive/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-auto-configuration-deep-dive/&ldquo;Spring Boot is magic&rdquo; is something you hear a lot. Add spring-boot-starter-data-jpa and suddenly you have a working DataSource, a JpaTransactionManager, and a LocalContainerEntityManagerFactoryBean — without writing a single @Bean method. Understanding how this actually works turns the magic into a tool you can control, debug, and extend. The Entry Point: @EnableAutoConfiguration @SpringBootApplication is a shorthand for three annotations: @Configuration @EnableAutoConfiguration // this is the one that matters here @ComponentScan public class MyApplication { public static void main(String[] args) { SpringApplication.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-auto-configuration/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-auto-configuration/Spring Boot &ldquo;just works&rdquo; — you add a dependency and things appear in your application context. This article explains exactly how that happens, so you can debug it when it doesn&rsquo;t, and extend it when you need to. What Auto-Configuration Actually Does When you add spring-boot-starter-data-jpa to your project, you don&rsquo;t write a single line of config — yet Spring creates a DataSource, EntityManagerFactory, and JpaTransactionManager automatically. That&rsquo;s auto-configuration. Auto-configuration is a set of @Configuration classes that Spring Boot ships.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-integration-testing/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-integration-testing/Integration tests verify that all layers work together — HTTP → controller → service → repository → database. This article shows how to write them efficiently with Testcontainers and manage test isolation. @SpringBootTest — The Full Context @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) class OrderIntegrationTest { // Loads the FULL Spring ApplicationContext // Everything: controllers, services, repositories, security // Starts on a random port (avoids port conflicts when running tests in parallel) } WebEnvironment options Option What it starts Use for RANDOM_PORT Embedded server on random port Full HTTP round-trip tests DEFINED_PORT Embedded server on configured port When you need a fixed port MOCK (default) No real server, MockMvc available Fast tests without real HTTP NONE No server at all Service/repo tests only Testcontainers — Real Database &lt;dependency&gt; &lt;groupId&gt;org.https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-feign-restclient/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-feign-restclient/Services call each other over HTTP. You can use raw RestClient with a URL, or you can use OpenFeign — a declarative HTTP client that turns an interface into a fully functional HTTP client. This article covers both. OpenFeign: Declarative HTTP Client &lt;dependency&gt; &lt;groupId&gt;org.springframework.cloud&lt;/groupId&gt; &lt;artifactId&gt;spring-cloud-starter-openfeign&lt;/artifactId&gt; &lt;/dependency&gt; @SpringBootApplication @EnableFeignClients public class OrderServiceApplication { } Defining a Feign Client @FeignClient( name = &#34;inventory-service&#34;, // service name — resolved via Eureka path = &#34;/api/inventory&#34; ) public interface InventoryClient { @GetMapping(&#34;/products/{productId}/availability&#34;) InventoryResponse checkAvailability( @PathVariable UUID productId, @RequestParam int quantity ); @PostMapping(&#34;/reservations&#34;) ReservationResponse reserve(@RequestBody ReservationRequest request); @DeleteMapping(&#34;/reservations/{reservationId}&#34;) void cancelReservation(@PathVariable UUID reservationId); @GetMapping(&#34;/products&#34;) Page&lt;ProductResponse&gt; findProducts( @RequestParam String category, @SpringQueryMap Pageable pageable // Pageable as query params ); } Using it — just inject and call:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kafka-introduction/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kafka-introduction/REST APIs are synchronous — the caller waits for a response. Sometimes you don&rsquo;t want that. An order creation shouldn&rsquo;t wait for the inventory system, the notification system, and the analytics system to all respond before confirming to the user. Kafka decouples these concerns. What Kafka Is Kafka is a distributed event streaming platform. It stores events (messages) in an ordered, immutable log. Producers write to Kafka; consumers read from it.https://blog.devops-monk.com/tutorials/spring-batch/introduction-to-spring-batch/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/introduction-to-spring-batch/Every application has a class of work that doesn&rsquo;t fit the request-response model: process 2 million orders overnight, generate 500,000 monthly statements, migrate 10 years of legacy data before Monday morning. This work needs to be reliable, restartable after failures, and fast enough to finish in the available window. That&rsquo;s what Spring Batch is built for. This article covers what Spring Batch is, when to use it, and how its architecture works.https://blog.devops-monk.com/tutorials/spring-boot/introduction-to-spring-boot/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/introduction-to-spring-boot/You want to build a Java web application or REST API. You&rsquo;ve heard everyone uses Spring Boot. But what is it exactly, and why does it exist? This article answers that — clearly — before writing a single line of code. What Is Spring Boot? Spring Boot is an opinionated framework for building Spring-based Java applications with minimal configuration. Break that down: Spring-based — it sits on top of the Spring Framework, which has been the dominant Java application framework since 2003 Minimal configuration — you describe what you want (a web app, a database connection), and Spring Boot figures out how to set it up Opinionated — it makes sensible default choices so you don&rsquo;t have to make every decision yourself The one-line version: Spring Boot lets you go from a blank project to a running application in minutes, with production-ready defaults built in.https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-introduction/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-introduction/Most Spring Boot applications need to read and write data to a relational database. Spring Data JPA makes this dramatically simpler by generating the boilerplate data access code for you. This article explains what it is, how it fits together, and how to get started. The Stack: JPA, Hibernate, and Spring Data JPA These three things work together — understanding the layering matters: Your Code (Repository interfaces, @Entity classes) │ ▼ Spring Data JPA (generates repository implementations, adds convenience methods) │ ▼ JPA (Jakarta Persistence API) (standard specification: @Entity, @Id, EntityManager, JPQL) │ ▼ Hibernate (JPA implementation) (translates JPA operations to SQL, manages sessions) │ ▼ JDBC (Java Database Connectivity) (sends SQL to the database) │ ▼ PostgreSQL / MySQL / H2 / etc.https://blog.devops-monk.com/tutorials/spring-batch/job-parameters-execution-context/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/job-parameters-execution-context/Introduction Two mechanisms let you pass information into and through a Spring Batch job: JobParameters — input values provided at launch time (a date, a file path, a run ID). They are immutable and persisted to BATCH_JOB_EXECUTION_PARAMS. ExecutionContext — a key-value map that steps can read and write during execution. It is persisted after each chunk commit, enabling restartability. Understanding both is essential for building jobs that can be safely re-run, restarted after failure, and parameterised for different data sets.https://blog.devops-monk.com/tutorials/spring-batch/job-repository-batch-metadata/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/job-repository-batch-metadata/Introduction Every time Spring Batch runs a job it records the run&rsquo;s history in a set of relational tables. This metadata is not optional — it is what makes Spring Batch reliable. Without it there would be no restart capability, no duplicate-run prevention, and no audit trail. Understanding the metadata layer is essential for debugging failures, building monitoring dashboards, and designing restartable jobs. In this article you will learn: The role of JobRepository and JobExplorer in the Spring Batch architecture The six metadata tables — their schema, purpose, and relationships How Spring Batch uses these tables to enable restartability How to query batch history directly in MySQL How to access metadata programmatically with JobExplorer Key changes in Spring Batch 5 (removed MapJobRepositoryFactoryBean, new testing approach) All examples use Spring Boot 3.https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-entity-mapping/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-entity-mapping/JPA entity mapping defines how Java objects translate to database tables. Get it right and your schema is clean, performant, and expressive. This article covers every mapping annotation you&rsquo;ll need. @Entity and @Table @Entity @Table( name = &#34;orders&#34;, // table name (default: class name) schema = &#34;commerce&#34;, // database schema indexes = { @Index(name = &#34;idx_orders_customer_id&#34;, columnList = &#34;customer_id&#34;), @Index(name = &#34;idx_orders_status_created&#34;, columnList = &#34;status, created_at&#34;) }, uniqueConstraints = { @UniqueConstraint(name = &#34;uq_order_number&#34;, columnNames = &#34;order_number&#34;) } ) public class Order { // .https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-jpa-performance-tuning/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-jpa-performance-tuning/JPA makes data access easy — until it silently runs hundreds of queries to load what you think is a single query. This article covers how to find and fix the most common JPA performance problems. Enable Query Logging First You can&rsquo;t fix what you can&rsquo;t see. Enable SQL logging before optimizing: logging: level: org.hibernate.SQL: DEBUG org.hibernate.orm.jdbc.bind: TRACE # log bind parameters (Spring Boot 3+) spring: jpa: properties: hibernate: format_sql: true generate_statistics: true # log query count, cache hits, etc.https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-queries/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-data-jpa-queries/Derived query methods cover simple cases. Complex filtering, aggregation, and reporting queries need JPQL or native SQL. This article covers both with practical examples. JPQL vs SQL vs Native SQL JPQL Native SQL Writes Entity-oriented (FROM Order o) Table-oriented (FROM orders o) Portability DB-agnostic DB-specific Features Basic SQL + JPA joins Full DB-specific SQL (CTEs, window functions, JSONB) Type-safety Partial None Use for Most queries Reporting, DB-specific features @Query with JPQL public interface OrderRepository extends JpaRepository&lt;Order, UUID&gt; { // Basic JPQL — uses entity/field names, not table/column names @Query(&#34;SELECT o FROM Order o WHERE o.https://blog.devops-monk.com/tutorials/spring-boot/spring-security-jwt/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-security-jwt/JWT (JSON Web Token) is the standard for stateless REST API authentication. This article builds a complete JWT authentication system — login, token generation, request validation, and token refresh. What is a JWT? A JWT has three base64url-encoded parts separated by dots: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 ← Header (algorithm + type) .eyJzdWIiOiJ1c2VyMTIzIiwicm9sZXMiOlsiVVNFUiJdLCJpYXQiOjE3MTQ3MjY0MDAsImV4cCI6MTcxNDczMDAwMH0 ← Payload .SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c ← Signature The payload contains claims: { &#34;sub&#34;: &#34;user123&#34;, // subject (user identifier) &#34;roles&#34;: [&#34;USER&#34;], &#34;iat&#34;: 1714726400, // issued at &#34;exp&#34;: 1714730000 // expires at } The signature is a HMAC of the header+payload — tamper-proof.https://blog.devops-monk.com/tutorials/spring-batch/listeners/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/listeners/Introduction Spring Batch emits lifecycle events at every stage of execution — before and after a job runs, before and after each step, before and after each chunk, and before and after each individual read/process/write call. Listeners let you hook into these events without modifying your core batch logic. Common uses: Log start/end times and item counts Send success/failure notifications (Slack, email, PagerDuty) Publish metrics to Prometheus or CloudWatch Log every skipped item to a dead-letter table Reset resources before a step begins Listener Hierarchy Job ├── JobExecutionListener beforeJob / afterJob │ └── Step ├── StepExecutionListener beforeStep / afterStep ├── ChunkListener beforeChunk / afterChunk / afterChunkError ├── ItemReadListener beforeRead / afterRead / onReadError ├── ItemProcessListener beforeProcess / afterProcess / onProcessError └── ItemWriteListener beforeWrite / afterWrite / onWriteError └── SkipListener onSkipInRead / onSkipInWrite / onSkipInProcess JobExecutionListener @Component public class ImportJobListener implements JobExecutionListener { private static final Logger log = LoggerFactory.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-logging/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-logging/Logging done right gives you everything you need to diagnose production issues. Done wrong, it either buries you in noise or leaves you blind. This article covers the full logging stack — from basics to structured production logging. The Logging Stack Your Code → SLF4J API → Logback (implementation) → Appenders (console, file, etc.) SLF4J is the facade — your code always calls LoggerFactory.getLogger() and log.info(). The implementation (Logback) is swappable without changing your code.https://blog.devops-monk.com/tutorials/spring-boot/microservices-architecture-guide/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/microservices-architecture-guide/Microservices are not a technology — they&rsquo;re an organizational strategy. The right reason to split a monolith is team autonomy and independent deployment, not technical elegance. This article covers when splitting makes sense and how to do it without creating a distributed monolith. What Microservices Actually Solve Microservices address two problems: 1. Independent deployment: Team A can deploy the Order Service without coordinating with Team B&rsquo;s Payment Service. No shared deployment pipeline, no release freeze, no &ldquo;all-hands&rdquo; deploy windows.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-3-to-4-migration/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-3-to-4-migration/Migrating from Spring Boot 3.x to 4.0 is straightforward if you&rsquo;ve kept up with deprecation warnings. This guide walks through every step — from dependency updates to API changes — with before/after examples. Pre-Migration: Fix Boot 3 Deprecations Before bumping the version, fix all deprecation warnings in your current Boot 3.x project. Every deprecated API in Boot 3 is removed in Boot 4. In IntelliJ IDEA: Analyze → Code Cleanup with &ldquo;Remove deprecated usages&rdquo; enabled.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-jspecify-null-safety/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-jspecify-null-safety/NullPointerException is the most common runtime error in Java. JSpecify is the standardized solution — annotate your APIs and get compile-time null safety. Spring Framework 7 adopts JSpecify throughout, and your code can too. The Problem // Is this safe? You don&#39;t know without reading the implementation. public Order findById(UUID id) { return repository.findById(id).orElse(null); // returns null! } // The caller has no warning: Order order = service.findById(id); order.cancel(); // ← NullPointerException if not found Without null annotations, every method call is potentially null — you write defensive code everywhere, or you miss a case and get a NPE in production.https://blog.devops-monk.com/tutorials/spring-boot/spring-security-oauth2-authorization-server/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-security-oauth2-authorization-server/Most teams use a managed auth provider (Keycloak, Auth0). But sometimes you need your own — multi-tenant SaaS, air-gapped environments, or full control over token contents. Spring Authorization Server provides a production-ready OAuth2 + OIDC implementation. When to Build Your Own vs Use a Provider Use a managed provider (Keycloak/Auth0): Most applications. Faster to set up, maintained externally, handles compliance. Build your own: Multi-tenant platforms issuing tokens on behalf of tenant auth providers, air-gapped or regulated environments, products that ARE the identity provider, or when you need full control over token structure and storage.https://blog.devops-monk.com/tutorials/spring-boot/spring-security-oauth2-resource-server/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-security-oauth2-resource-server/In production, you rarely build your own auth server. You use an external provider — Keycloak, Auth0, Okta, or AWS Cognito. This article shows how to configure Spring Boot as a Resource Server that validates JWTs issued by any OIDC-compliant provider. The OAuth2 Architecture ┌─────────────────┐ │ Auth Server │ │ (Keycloak/Auth0) │ │ │ │ Issues JWTs │ │ Publishes JWKS │ └────────┬────────┘ │ ┌────────────┐ │ JWT │ Client │──────────►│ │ (Browser/ │ │ │ Mobile) │ │ └────────────┘ ▼ ┌─────────────────┐ Bearer │ Resource Server │ Token ►│ (Spring Boot) │ │ │ │ Validates JWT │ │ via JWKS URI │ └─────────────────┘ Client authenticates with the Auth Server and receives a JWT Client sends the JWT as Authorization: Bearer &lt;token&gt; to the Resource Server Resource Server validates the JWT by fetching the public key from the Auth Server&rsquo;s JWKS endpoint If valid, the Resource Server processes the request Setup &lt;dependency&gt; &lt;groupId&gt;org.https://blog.devops-monk.com/2026/05/spring-boot-owasp-security/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-owasp-security/The OWASP Top 10 lists the most critical web application security risks. Spring Boot apps have their own common failure patterns: exposed Actuator endpoints, secrets in properties files, SQL built from string concatenation, and Spring Security misconfiguration. This guide covers the vulnerabilities that actually appear in Spring Boot applications and how to fix each one. 1. SQL Injection SQL injection remains one of the most critical vulnerabilities. It allows attackers to manipulate database queries.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-pagination-sorting/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-pagination-sorting/Returning all records from a large table in a single response is a recipe for slow APIs and crashed servers. Pagination is not optional — this article shows how to implement it properly with Spring Data. The Problem with Returning Everything // Never do this for large datasets @GetMapping(&#34;/api/orders&#34;) public List&lt;Order&gt; getOrders() { return orderRepository.findAll(); // 1 million orders → OutOfMemoryError } Even for &ldquo;small&rdquo; tables, always paginate. Requirements change, data grows.https://blog.devops-monk.com/tutorials/spring-boot/spring-security-authentication/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-security-authentication/Every application needs user registration and login. This article builds a complete authentication system — from storing passwords safely to handling failed login attempts. Never Store Passwords in Plain Text Store a one-way hash, not the password. BCrypt is the industry standard: @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(12); // cost factor 12 → ~250ms per hash on modern hardware // strong enough to slow down brute-force attacks } BCrypt properties:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kafka-producer-consumer/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kafka-producer-consumer/This article implements Kafka producers and consumers with the full production setup — error handling, retries, dead-letter topics, and idempotent consumers. Producer: KafkaTemplate @Service @RequiredArgsConstructor @Slf4j public class OrderEventPublisher { private final KafkaTemplate&lt;String, Object&gt; kafkaTemplate; public void publishOrderCreated(Order order) { OrderCreatedEvent event = new OrderCreatedEvent( order.getId(), order.getCustomerId(), order.getCustomerEmail(), order.getItems().stream().map(OrderItemDto::from).toList(), order.getTotalAmount(), Instant.now() ); // Key = customerId: all events for same customer go to same partition kafkaTemplate.send(&#34;order-events&#34;, order.getCustomerId().toString(), event) .whenComplete((result, ex) -&gt; { if (ex !https://blog.devops-monk.com/tutorials/spring-batch/reading-flat-files/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/reading-flat-files/Introduction Flat files — CSV exports, fixed-width mainframe feeds, pipe-delimited data dumps — are the most common input source for batch jobs. Spring Batch&rsquo;s FlatFileItemReader handles all of them. It is restartable out of the box: it persists its line-number position in the ExecutionContext so that a restarted job resumes exactly where it crashed. In this article you will build a complete order-import job that reads a CSV file and inserts rows into a MySQL orders table.https://blog.devops-monk.com/tutorials/spring-batch/reading-external-sources/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/reading-external-sources/Introduction Not all batch input comes from files or databases. You may need to pull orders from an e-commerce API, sync products from a supplier feed, or process CSV exports stored in Amazon S3. Spring Batch provides MultiResourceItemReader for S3 files and a clean ItemReader interface for anything else. In this article you will build: A custom ItemReader that pages through a REST API An S3 reader that downloads files on demand A composite reader that merges multiple sources into one step The ItemReader Contract The entire ItemReader interface is one method:https://blog.devops-monk.com/tutorials/spring-batch/reading-from-mysql/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/reading-from-mysql/Introduction Most real batch jobs read from a database, not a file. Spring Batch provides two JDBC readers for this: Reader Strategy Thread-safe Use when JdbcCursorItemReader Open a server-side cursor, stream rows No Single-threaded step, huge result sets JdbcPagingItemReader Execute LIMIT / OFFSET queries in a loop Yes Multi-threaded steps, sorted data Both handle restartability automatically and both work with any DataSource — including MySQL. JdbcCursorItemReader How it works The reader opens a single JDBC ResultSet on Step.https://blog.devops-monk.com/tutorials/spring-batch/reading-with-jpa/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/reading-with-jpa/Introduction When your application already uses JPA/Hibernate, JpaPagingItemReader lets you read data using JPQL queries and mapped entities instead of raw JDBC. You get the full object graph, type-safe queries, and familiar entity lifecycle — but you also inherit JPA&rsquo;s pitfalls: the N+1 problem, session-per-read overhead, and first-level cache growth. This article covers: When to choose JpaPagingItemReader over JdbcPagingItemReader Setting up the reader with JPQL and named queries Fetching associations to avoid N+1 Clearing the persistence context to prevent memory leaks A complete order-processing example with MySQL When to Use JpaPagingItemReader Use it when:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kafka-outbox-pattern/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kafka-outbox-pattern/There is a fundamental problem with publishing Kafka events after a database commit: if the application crashes between the commit and the publish, the event is lost forever. The Transactional Outbox Pattern solves this. The Problem @Transactional public Order createOrder(CreateOrderRequest request) { Order order = orderRepository.save(buildOrder(request)); // DB committed ✓ kafkaTemplate.send(&#34;order-events&#34;, event); // ← Crash here → event lost, DB already committed // → Inventory never updated, customer never notified return order; } Two distributed systems (PostgreSQL and Kafka) can&rsquo;t be in a single transaction.https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-resilience4j/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-resilience4j/In microservices, every network call can fail. A slow dependency can exhaust your thread pool, cascading into a full outage. Resilience4j provides the patterns to handle these failures gracefully — without hiding them. Setup &lt;dependency&gt; &lt;groupId&gt;io.github.resilience4j&lt;/groupId&gt; &lt;artifactId&gt;resilience4j-spring-boot3&lt;/artifactId&gt; &lt;version&gt;2.2.0&lt;/version&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-aop&lt;/artifactId&gt; &lt;/dependency&gt; Circuit Breaker A circuit breaker wraps a remote call. When failures exceed a threshold, the circuit &ldquo;opens&rdquo; and calls fail immediately (without waiting for a timeout) — protecting your thread pool and giving the failing service time to recover.https://blog.devops-monk.com/tutorials/spring-batch/retry-logic/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/retry-logic/Introduction Batch jobs interact with databases, REST APIs, and file systems — all of which fail transiently. A MySQL deadlock resolves itself in milliseconds. A network timeout to an external service clears up in seconds. Retrying these transient failures automatically is far better than failing the entire job and requiring a manual restart. Spring Batch has built-in retry support at the step level, integrated with its transaction management. This article covers everything you need to configure robust retry behaviour.https://blog.devops-monk.com/tutorials/spring-boot/spring-security-rbac/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-security-rbac/Roles and permissions control what authenticated users can do. This article implements a complete RBAC system — from URL-level rules to method-level security and resource ownership checks. Roles vs Permissions Roles are coarse-grained groupings (USER, MANAGER, ADMIN). Permissions are fine-grained actions (READ_ORDERS, WRITE_PRODUCTS, DELETE_USERS). Assign permissions to roles: ADMIN → all permissions MANAGER → READ_ORDERS, WRITE_ORDERS, READ_PRODUCTS, WRITE_PRODUCTS USER → READ_OWN_ORDERS, WRITE_OWN_ORDERS, READ_PRODUCTS Model permissions as a typed enum: public enum Permission { // Order permissions READ_ORDERS, WRITE_ORDERS, DELETE_ORDERS, READ_OWN_ORDERS, WRITE_OWN_ORDERS, // Product permissions READ_PRODUCTS, WRITE_PRODUCTS, DELETE_PRODUCTS, // User management READ_USERS, WRITE_USERS, DELETE_USERS } public enum Role { USER(Set.https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-eureka-service-discovery/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-cloud-eureka-service-discovery/In a microservices environment, services scale up and down dynamically. You can&rsquo;t hardcode IP addresses — a service running on 10 pods today has 10 different addresses. Service discovery solves this: services register themselves, and clients look up live instances by name. What Service Discovery Does Without service discovery: Order Service → http://192.168.1.45:8081/api/inventory ← hardcoded, breaks when IP changes With service discovery: Order Service → &#34;inventory-service&#34; → Eureka → [192.168.1.45:8081, 192.https://blog.devops-monk.com/tutorials/spring-batch/skip-logic-restartability/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/skip-logic-restartability/Introduction Retry handles transient failures. Skip handles permanent ones — bad data rows, constraint violations, malformed records that will never succeed no matter how many times you retry. Skip logic lets your job continue processing good records while recording bad ones for human review. This article covers: Configuring skip for specific exception types Custom SkipPolicy for fine-grained control Dead-letter table pattern for tracking skipped items Stopping a job intentionally vs failing it Handling abandoned executions Designing jobs that restart safely after any failure Basic Skip Configuration return new StepBuilder(&#34;importOrdersStep&#34;, jobRepository) .https://blog.devops-monk.com/2026/05/spring-ai-rag-application/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-ai-rag-application/Spring AI 1.0 GA shipped in May 2025. It brings the Spring programming model to AI development: a unified ChatClient API that works across Claude, OpenAI, Gemini, Ollama, and Azure OpenAI — switching AI providers is changing one dependency. This guide builds a complete RAG (Retrieval-Augmented Generation) application that answers questions about your documentation using any AI provider. What Is RAG? A large language model (LLM) knows everything in its training data but nothing about your specific documents, code, or business data.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-spring-ai-rag/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-spring-ai-rag/Large language models know a lot — but not about your data. RAG (Retrieval-Augmented Generation) solves this: find the relevant context from your documents, inject it into the prompt, and let the model answer grounded in your data. This article builds a complete RAG API with Spring AI 2.0. What You&rsquo;ll Build A Q&amp;A API over your product documentation: User: &#34;What&#39;s the return policy for electronics?&#34; → Search vector store for relevant docs → Inject matching paragraphs into prompt → Claude/GPT answers based on your actual docs Without RAG: the LLM guesses or hallucinate your policy.https://blog.devops-monk.com/tutorials/spring-boot/spring-bean-scopes-lifecycle/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-bean-scopes-lifecycle/Every bean in the Spring container has a scope (how many instances exist and for how long) and a lifecycle (what happens when it&rsquo;s created and destroyed). Understanding these prevents subtle bugs and lets you optimize resource usage. Bean Scopes Overview Scope Instances Available in singleton One per ApplicationContext All apps prototype New instance every time All apps request One per HTTP request Web apps session One per HTTP session Web apps application One per ServletContext Web apps Singleton (Default) By default, every Spring bean is a singleton — one instance per ApplicationContext.https://blog.devops-monk.com/tutorials/spring-batch/spring-boot-spring-batch-setup/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/spring-boot-spring-batch-setup/Article 2 showed how chunk processing works conceptually. This article sets up the real project you&rsquo;ll build on for the rest of the series — complete Maven configuration, MySQL metadata tables, multiple ways to trigger jobs, and correct use of JobParameters. Everything in this article is production-ready from the start. Project Dependencies Add spring-boot-starter-batch to your Maven project. That one starter brings in everything you need. &lt;?xml version=&#34;1.0&#34; encoding=&#34;UTF-8&#34;?&gt; &lt;project xmlns=&#34;http://maven.https://blog.devops-monk.com/2026/05/spring-boot-migration-guide/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-migration-guide/Many teams are still running Spring Boot 2.7.x. Spring Boot 2.x reached end of life in November 2023, which means no more security patches. The jump to 4.0 is two generations, and the breaking changes are real — but they are also well-documented and mostly automatable. This guide walks through the migration in stages: 2.x → 3.0 first, then 3.x incremental updates, then 4.0. Each section lists what breaks and how to fix it.https://blog.devops-monk.com/2026/05/spring-boot-4-complete-guide/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-4-complete-guide/Spring Boot 4.0 was released on November 20, 2025. It is built on Spring Framework 7 and represents the most significant shift in the Spring ecosystem since the Jakarta EE migration in Spring Boot 3. The headline change is full modularisation — the single spring-boot-autoconfigure JAR has been split into 70+ granular modules. But that is just the start. This guide covers every change that matters, what breaks on upgrade, and what is genuinely new and useful.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-actuator/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-actuator/A running application is not enough — you need to know if it&rsquo;s healthy, how it&rsquo;s performing, and what it&rsquo;s doing. Spring Boot Actuator exposes that information through HTTP endpoints and metrics. Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-actuator&lt;/artifactId&gt; &lt;/dependency&gt; By default, only /actuator/health and /actuator/info are exposed over HTTP. Everything else is available via JMX. Enable what you need: management: endpoints: web: exposure: include: health,info,metrics,prometheus,conditions,beans,env,loggers,threaddump,heapdump base-path: /actuator endpoint: health: show-details: when-authorized # or &#39;always&#39; (dev), &#39;never&#39; (public) show-components: when-authorized metrics: enabled: true server: port: 8081 # expose actuator on a separate port (not public-facing) Health Endpoint GET /actuator/health — used by Kubernetes liveness/readiness probes and load balancers:https://blog.devops-monk.com/2026/05/spring-boot-actuator-prometheus-grafana/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-actuator-prometheus-grafana/Spring Boot Actuator exposes production-ready operational endpoints — health checks, metrics, environment info, thread dumps — out of the box. Combined with Prometheus and Grafana, you get a full monitoring stack with minimal configuration. This guide covers everything from initial setup to Kubernetes health probes, custom metrics, and securing your management endpoints. Setup Dependencies &lt;dependencies&gt; &lt;!-- Actuator --&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-actuator&lt;/artifactId&gt; &lt;/dependency&gt; &lt;!-- Micrometer Prometheus registry --&gt; &lt;dependency&gt; &lt;groupId&gt;io.micrometer&lt;/groupId&gt; &lt;artifactId&gt;micrometer-registry-prometheus&lt;/artifactId&gt; &lt;scope&gt;runtime&lt;/scope&gt; &lt;/dependency&gt; &lt;/dependencies&gt; Basic configuration # application.https://blog.devops-monk.com/2026/05/spring-boot-caching-caffeine-redis/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-caching-caffeine-redis/Caching reduces database load and response latency. Spring Boot&rsquo;s cache abstraction lets you add caching with annotations, then swap the implementation (Caffeine, Redis, multi-level) without changing your business code. This guide covers Caffeine for in-JVM caching, Redis for distributed caching, and a multi-level cache that combines both. Spring Cache Abstraction Spring&rsquo;s cache abstraction uses three annotations: Annotation Behaviour @Cacheable Cache the return value. On subsequent calls, return from cache without executing the method.https://blog.devops-monk.com/2026/05/spring-boot-docker-guide/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-docker-guide/There are three ways to containerise a Spring Boot application: a naive single-stage Dockerfile, a proper multi-stage Dockerfile with layered JARs, and Cloud Native Buildpacks. Each has different tradeoffs in build speed, image size, and maintenance overhead. This guide covers all three approaches, explains why layered JARs matter for CI/CD speed, and shows how to produce small, secure, production-ready images. The Problem with the Naive Dockerfile Most tutorials show this:https://blog.devops-monk.com/2026/05/spring-boot-observability-stack/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-observability-stack/Observability means you can answer &ldquo;what is wrong and why&rdquo; from your system&rsquo;s outputs alone — without adding new instrumentation after an incident. It requires three types of data: metrics (what happened), traces (why it happened), and logs (the details). Spring Boot 4 ships a single OpenTelemetry starter that covers all three. This guide shows how to wire up the complete observability stack: Prometheus + Grafana for metrics, Grafana Tempo for distributed tracing, and Grafana Loki for logs.https://blog.devops-monk.com/tutorials/liquibase/liquibase-spring-boot-integration/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/liquibase/liquibase-spring-boot-integration/Running Liquibase from the CLI is fine for learning and for standalone scripts. In a real Spring Boot application, you want migrations to run automatically at startup — before the application code touches the database. Spring Boot&rsquo;s Liquibase auto-configuration handles this with zero boilerplate: add the dependency, point to your changelog, and migrations run before the application context is ready. This article covers the complete integration: Maven/Gradle setup, how auto-run works and why, the full spring.https://blog.devops-monk.com/2026/05/spring-boot-jpa-performance/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-jpa-performance/JPA makes database access simple. It also makes it dangerously easy to write code that fires 100 SQL queries to load 10 records. The N+1 problem alone has caused more production performance incidents than almost any other JPA issue. This guide covers how to find and fix the five most common JPA performance problems: N+1 queries, LazyInitializationException, over-fetching, poor connection pool sizing, and Hibernate 6 breaking changes. Enable SQL Logging First Before optimizing anything, see exactly what queries are firing:https://blog.devops-monk.com/2026/05/spring-boot-microservices-full-stack/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-microservices-full-stack/Building microservices requires more than splitting a monolith into services. You need service discovery, a gateway to route traffic, centralised configuration management, and resilience patterns to handle inevitable failures. Spring Cloud provides all of this as a cohesive stack. This guide builds a complete microservices architecture from scratch: Eureka for service discovery, Spring Cloud Gateway for routing, Spring Cloud Config Server for centralised config, and Resilience4j for circuit breakers and retry.https://blog.devops-monk.com/2026/05/spring-boot-oauth2-jwt-security/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-oauth2-jwt-security/Zero-trust API security means every request is validated independently — no session state, no &ldquo;trusted network&rdquo; assumptions. A JWT bearer token is issued by an authorisation server, signed cryptographically, and validated on every API call. The API never calls back to the authorisation server during validation; it verifies the token&rsquo;s signature locally. This guide covers the complete setup: dependencies, resource server configuration, token validation (both symmetric and asymmetric), extracting claims, role-based access control, method-level security, and the Spring Security 7 changes that break existing setups.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kubernetes/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-kubernetes/Kubernetes is the standard platform for running containerized microservices. Spring Boot integrates naturally with Kubernetes — Actuator probes map directly to Kubernetes probes, and Spring configuration maps to ConfigMaps and Secrets. Core Kubernetes Resources Deployment # deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: order-service labels: app: order-service spec: replicas: 3 selector: matchLabels: app: order-service template: metadata: labels: app: order-service version: &#34;1.2.3&#34; spec: containers: - name: order-service image: devopsmonk/order-service:1.2.3 ports: - containerPort: 8080 name: http - containerPort: 8081 name: management # Resource limits — always set these resources: requests: memory: &#34;256Mi&#34; cpu: &#34;250m&#34; limits: memory: &#34;512Mi&#34; cpu: &#34;1000m&#34; # Environment from ConfigMap and Secret envFrom: - configMapRef: name: order-service-config - secretRef: name: order-service-secrets # Individual env vars env: - name: SPRING_PROFILES_ACTIVE value: prod - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.https://blog.devops-monk.com/2026/05/spring-boot-kubernetes-guide/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-kubernetes-guide/Running Spring Boot on Kubernetes is not just packaging the app in a container and deploying it. You need to configure health probes correctly, handle graceful shutdown so in-flight requests don&rsquo;t get dropped, manage configuration without baking secrets into images, and make sure the JVM respects container memory limits. This guide covers the production-critical Kubernetes configuration for Spring Boot applications. Health Probes Kubernetes uses three probe types to manage pod lifecycle:https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-project-structure/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-project-structure/A Spring Boot project looks simple on the surface but has a specific structure with specific conventions. Understanding it upfront saves hours of confusion later. The Standard Layout order-service/ ├── pom.xml ├── mvnw # Maven Wrapper script (Unix) ├── mvnw.cmd # Maven Wrapper script (Windows) ├── .mvn/ │ └── wrapper/ │ └── maven-wrapper.properties └── src/ ├── main/ │ ├── java/ │ │ └── com/devopsmonk/orderservice/ │ │ └── OrderServiceApplication.java │ └── resources/ │ ├── application.https://blog.devops-monk.com/2026/05/spring-boot-testcontainers/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-testcontainers/Testcontainers spins up real Docker containers for your tests — a real PostgreSQL database, a real Redis, a real Kafka broker. No more mocking JDBC connections or in-memory H2 databases that behave differently from production. Spring Boot 3.1 added @ServiceConnection, which removes the boilerplate of configuring connection URLs manually. This guide covers the right patterns for fast, reliable integration tests with Testcontainers. Why Testcontainers Over H2 Teams use H2 in-memory databases for testing because it&rsquo;s fast.https://blog.devops-monk.com/2026/05/spring-boot-virtual-threads/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-virtual-threads/Virtual Threads landed in Java 21 as a stable feature, and Spring Boot 3.2 added first-class support with a single property. The promise: write simple blocking code and get WebFlux-level throughput. The reality is mostly true — with some important exceptions. This article covers what Virtual Threads actually are, how to enable them in Spring Boot, real benchmark numbers, the three pitfalls that will silently destroy your performance, and a decision framework for when to use them (and when not to).https://blog.devops-monk.com/2026/05/spring-boot-vs-quarkus/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-vs-quarkus/Every year, someone asks: &ldquo;Should we use Spring Boot or Quarkus?&rdquo; In 2026, both frameworks are mature, both run natively, and both work well on Kubernetes. The differences come down to developer experience, ecosystem size, and specific performance characteristics. This is an honest comparison with real numbers, not marketing claims. The Frameworks at a Glance Spring Boot 4 (November 2025): Built on Spring Framework 7. The de-facto standard for enterprise Java.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-postgresql/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-postgresql/PostgreSQL offers powerful features beyond basic SQL — JSONB, arrays, full-text search, advisory locks. This article shows how to use them from Spring Boot and how to tune HikariCP for production. Project Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-data-jpa&lt;/artifactId&gt; &lt;/dependency&gt; &lt;dependency&gt; &lt;groupId&gt;org.postgresql&lt;/groupId&gt; &lt;artifactId&gt;postgresql&lt;/artifactId&gt; &lt;scope&gt;runtime&lt;/scope&gt; &lt;/dependency&gt; spring: datasource: url: jdbc:postgresql://localhost:5432/orderdb username: app password: ${DB_PASSWORD} driver-class-name: org.postgresql.Driver jpa: database-platform: org.hibernate.dialect.PostgreSQLDialect hibernate: ddl-auto: validate HikariCP — Connection Pool Tuning Spring Boot uses HikariCP by default — the fastest JDBC connection pool.https://blog.devops-monk.com/tutorials/spring-boot/spring-ioc-dependency-injection/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-ioc-dependency-injection/Every Spring Boot application is built on one idea: the framework creates and wires your objects, not you. This article explains how that works and how to use it effectively. Inversion of Control In traditional Java, you create objects yourself: // You control the dependencies public class OrderService { private final OrderRepository repository = new JpaOrderRepository(); private final EmailService email = new SmtpEmailService(&#34;smtp.gmail.com&#34;); } Problems: OrderService is tightly coupled to specific implementations You can&rsquo;t swap JpaOrderRepository for a mock in tests without editing OrderService If SmtpEmailService needs its own dependencies, you must construct those too Inversion of Control (IoC) flips this: instead of creating your dependencies, you declare what you need and let a container provide them.https://blog.devops-monk.com/2026/05/spring-modulith-guide/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-modulith-guide/Microservices solve real problems: independent deployability, team autonomy, technology flexibility. They also create real problems: distributed transactions, network latency, operational complexity. Many teams split into microservices too early, before they understand their domain well enough to draw stable boundaries. Spring Modulith gives you module boundaries, enforced isolation, and event-driven decoupling inside a single deployable JAR. It&rsquo;s the pragmatic middle ground. The Modular Monolith Problem It Solves A typical Spring Boot monolith looks like this after a year:https://blog.devops-monk.com/tutorials/spring-boot/spring-security-fundamentals/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-security-fundamentals/Spring Security is powerful but famously hard to understand. This article demystifies the core: the filter chain, how requests are processed, and how authentication and authorization work before writing a line of security config. Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-security&lt;/artifactId&gt; &lt;/dependency&gt; The moment you add this dependency, Spring Boot&rsquo;s auto-configuration secures all endpoints with HTTP Basic authentication. A random password is printed at startup. This is the starting point — you&rsquo;ll replace the defaults.https://blog.devops-monk.com/tutorials/spring-batch/tasklets/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/tasklets/Introduction Not every step in a batch job reads-processes-writes a stream of items. Sometimes you need to: Delete yesterday&rsquo;s temp files before reading today&rsquo;s data Truncate a staging table before loading new data Call a stored procedure to aggregate results Send an email or Slack notification after processing Execute a DDL statement to add an index These operations do not have items — they are single units of work. Spring Batch handles them with the Tasklet interface.https://blog.devops-monk.com/tutorials/liquibase/liquibase-testing-migrations/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/liquibase/liquibase-testing-migrations/The CI pipeline from Article 19 validates migrations against a MySQL service container. But that&rsquo;s not the same as testing that your application code works correctly after the migration runs. This article covers how to structure Spring Boot tests that validate both the migration and the application behaviour — and makes the case for replacing H2 with Testcontainers as your primary testing database. Three Testing Strategies Strategy Database Speed Fidelity Use For H2 in-memory H2 (in-memory) Fastest Low — MySQL-specific SQL fails Unit tests that mock repositories H2 with MySQL mode H2 (MySQL compat) Fast Medium — most SQL works, some quirks Basic integration tests on simple schemas Testcontainers Real MySQL 8.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-security-testing/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-security-testing/Security tests verify that your endpoints behave correctly for different users, roles, and authentication states. This article covers the full toolkit — from simple annotations to custom security contexts. Setup &lt;dependency&gt; &lt;groupId&gt;org.springframework.security&lt;/groupId&gt; &lt;artifactId&gt;spring-security-test&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; spring-boot-starter-test includes this automatically. @WithMockUser — Simple Role-Based Tests The simplest way to run a test as an authenticated user: @WebMvcTest(OrderController.class) class OrderControllerSecurityTest { @Autowired MockMvc mockMvc; @MockBean OrderService orderService; // No authentication @Test void unauthenticatedUserIsRejected() throws Exception { mockMvc.https://blog.devops-monk.com/tutorials/spring-batch/testing-spring-batch/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/testing-spring-batch/Introduction Spring Batch jobs are code — they need tests. Without tests you will catch errors in production. With tests you catch them in CI. Spring Batch has a dedicated testing module that provides @SpringBatchTest, JobLauncherTestUtils, and JobRepositoryTestUtils. These tools let you: Run a complete job in a test and assert on its BatchStatus Launch individual steps and inspect StepExecution counters Test readers, processors, and writers in complete isolation This article covers all three levels: unit, integration, and database integration with Testcontainers.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-unit-testing/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-unit-testing/Good tests catch regressions, document behavior, and give you confidence to refactor. Bad tests slow you down. This article covers unit testing at the service layer — fast, focused, no Spring context needed. Setup &lt;!-- spring-boot-starter-test includes JUnit 5, Mockito, AssertJ --&gt; &lt;dependency&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-starter-test&lt;/artifactId&gt; &lt;scope&gt;test&lt;/scope&gt; &lt;/dependency&gt; This pulls in: JUnit 5 (Jupiter) — test runner and assertions Mockito — mocking framework AssertJ — fluent assertions (assertThat(...)) Hamcrest — matcher library MockMvc — web layer testing (next article) Testcontainers integration Unit Tests vs Integration Tests Unit Integration Scope One class in isolation Multiple components together Dependencies All mocked Real or near-real Speed Milliseconds Seconds to minutes Context No Spring context Spring context loads Purpose Logic correctness Component interaction Start with unit tests.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-repository-testing/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-repository-testing/Repository tests verify your queries work correctly against a real database. Spring Boot&rsquo;s @DataJpaTest starts a minimal slice — only JPA components — making tests fast while still catching real SQL issues. @DataJpaTest — What It Loads @DataJpaTest is a test slice annotation: @DataJpaTest class OrderRepositoryTest { // Spring loads: // - Your @Entity classes // - Your @Repository interfaces // - JPA infrastructure (EntityManager, transactions) // - An in-memory H2 database (by default) // // Spring does NOT load: // - @Service, @Controller, @Component classes // - Security configuration // - The full ApplicationContext } Each test method runs in a transaction that&rsquo;s rolled back at the end — no data pollution between tests.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-web-layer-testing/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-web-layer-testing/Controller tests verify HTTP mapping, request parsing, validation, serialization, and security — without starting a full server. @WebMvcTest + MockMvc gives you a fast, focused web layer test. @WebMvcTest — What It Loads @WebMvcTest(OrderController.class) class OrderControllerTest { // Spring loads: // - Your @Controller class (and its dependencies) // - DispatcherServlet, MVC configuration // - Jackson ObjectMapper // - Security (if configured) // // Spring does NOT load: // - @Service, @Repository beans // - Database, JPA // // You @MockBean all services } Basic Controller Test @WebMvcTest(OrderController.https://blog.devops-monk.com/2026/05/spring-boot-interview-questions/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/2026/05/spring-boot-interview-questions/These are the questions that actually come up in Spring Boot interviews — at startups, scale-ups, and large enterprises. Each answer explains the concept clearly, with the level of depth an interviewer expects from a mid-level or senior developer. Questions are grouped by topic. For junior roles, focus on sections 1–3. For senior roles, everything here is fair game. Section 1: Core Fundamentals Q1. What is the difference between Spring and Spring Boot?https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-transactions/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-transactions/A transaction ensures that a group of operations either all succeed or all fail — no partial state. Spring&rsquo;s @Transactional makes this simple to use, but the underlying mechanics matter when things go wrong. How @Transactional Works @Transactional is implemented via AOP (Aspect-Oriented Programming). Spring wraps your bean in a proxy: Client calls orderService.create() │ ▼ Spring AOP proxy intercepts the call │ ▼ BEGIN TRANSACTION │ ▼ Your actual method body executes (all DB operations share one connection and transaction) │ ├─ No exception → COMMIT │ └─ RuntimeException thrown → ROLLBACK │ ▼ Client receives result (or exception) This means @Transactional only works when:https://blog.devops-monk.com/tutorials/spring-batch/item-processor/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/item-processor/Introduction ItemProcessor&lt;I, O&gt; sits between the reader and the writer. It receives one item at a time and returns a transformed item — or null to filter the item out entirely. Processors are optional: if your job reads and writes the same type with no transformation needed, you can omit them. The processor interface is one method: public interface ItemProcessor&lt;I, O&gt; { O process(I item) throws Exception; } Return a processed item to pass it to the writer.https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-4-whats-new/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/spring-boot-4-whats-new/Spring Boot 4.0 (November 2025) is a major release built on Spring Framework 7 and Java 17+. It&rsquo;s the most significant Spring release since Boot 3&rsquo;s Jakarta EE migration. This article covers every change that affects a practicing developer. Minimum Requirements Spring Boot 3.x Spring Boot 4.0 Java 17 17 (baseline), 21 recommended Spring Framework 6.x 7.x Jakarta EE 10 11 Tomcat 10.x 11.x Hibernate 6.x 7.x Gradle (if used) 7.https://blog.devops-monk.com/tutorials/spring-batch/writing-files-databases/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-batch/writing-files-databases/Introduction After reading and processing data, your batch job needs to write results somewhere. Spring Batch provides two essential writers: FlatFileItemWriter — writes items to CSV or any delimited/formatted flat file JdbcBatchItemWriter — writes items to a database using JDBC batch inserts/updates Both are transactional and restartable. This article covers both in depth, plus transaction semantics you must understand to avoid duplicates and partial writes. How Writers Work in Spring Batch Writers receive a Chunk&lt;O&gt; — a list of all items processed in the current transaction.https://blog.devops-monk.com/tutorials/spring-boot/first-spring-boot-application/Sun, 03 May 2026 00:00:00 +0000https://blog.devops-monk.com/tutorials/spring-boot/first-spring-boot-application/In this article you&rsquo;ll create a Spring Boot application, add a REST endpoint, and run it — all in under 10 minutes. Then you&rsquo;ll understand exactly what each piece does. What you&rsquo;ll build: A Spring Boot app that responds to GET /hello with &quot;Hello, Spring Boot!&quot;. Prerequisites JDK 21 or higher installed (java -version to verify) Maven 3.9+ installed (mvn -version to verify) An IDE — IntelliJ IDEA (recommended), VS Code with Java extension, or Eclipse Step 1: Generate the Project Go to start.