Java Springboot

1---2name: java-springboot3description: 'Get best practices for developing applications with Spring Boot.'4---5 6# Spring Boot Best Practices7 8Your goal is to help me write high-quality Spring Boot applications by following established best practices.9 10## Project Setup & Structure11 12- **Build Tool:** Use Maven (`pom.xml`) or Gradle (`build.gradle`) for dependency management.13- **Starters:** Use Spring Boot starters (e.g., `spring-boot-starter-web`, `spring-boot-starter-data-jpa`) to simplify dependency management.14- **Package Structure:** Organize code by feature/domain (e.g., `com.example.app.order`, `com.example.app.user`) rather than by layer (e.g., `com.example.app.controller`, `com.example.app.service`).15 16## Dependency Injection & Components17 18- **Constructor Injection:** Always use constructor-based injection for required dependencies. This makes components easier to test and dependencies explicit.19- **Immutability:** Declare dependency fields as `private final`.20- **Component Stereotypes:** Use `@Component`, `@Service`, `@Repository`, and `@Controller`/`@RestController` annotations appropriately to define beans.21 22## Configuration23 24- **Externalized Configuration:** Use `application.yml` (or `application.properties`) for configuration. YAML is often preferred for its readability and hierarchical structure.25- **Type-Safe Properties:** Use `@ConfigurationProperties` to bind configuration to strongly-typed Java objects.26- **Profiles:** Use Spring Profiles (`application-dev.yml`, `application-prod.yml`) to manage environment-specific configurations.27- **Secrets Management:** Do not hardcode secrets. Use environment variables, or a dedicated secret management tool like HashiCorp Vault or AWS Secrets Manager.28 29## Web Layer (Controllers)30 31- **RESTful APIs:** Design clear and consistent RESTful endpoints.32- **DTOs (Data Transfer Objects):** Use DTOs to expose and consume data in the API layer. Do not expose JPA entities directly to the client.33- **Validation:** Use Java Bean Validation (JSR 380) with annotations (`@Valid`, `@NotNull`, `@Size`) on DTOs to validate request payloads.34- **Error Handling:** Implement a global exception handler using `@ControllerAdvice` and `@ExceptionHandler` to provide consistent error responses.35 36## Service Layer37 38- **Business Logic:** Encapsulate all business logic within `@Service` classes.39- **Statelessness:** Services should be stateless.40- **Transaction Management:** Use `@Transactional` on service methods to manage database transactions declaratively. Apply it at the most granular level necessary.41 42## Data Layer (Repositories)43 44- **Spring Data JPA:** Use Spring Data JPA repositories by extending `JpaRepository` or `CrudRepository` for standard database operations.45- **Custom Queries:** For complex queries, use `@Query` or the JPA Criteria API.46- **Projections:** Use DTO projections to fetch only the necessary data from the database.47 48## Logging49 50- **SLF4J:** Use the SLF4J API for logging.51- **Logger Declaration:** `private static final Logger logger = LoggerFactory.getLogger(MyClass.class);`52- **Parameterized Logging:** Use parameterized messages (`logger.info("Processing user {}...", userId);`) instead of string concatenation to improve performance.53 54## Testing55 56- **Unit Tests:** Write unit tests for services and components using JUnit 5 and a mocking framework like Mockito.57- **Integration Tests:** Use `@SpringBootTest` for integration tests that load the Spring application context.58- **Test Slices:** Use test slice annotations like `@WebMvcTest` (for controllers) or `@DataJpaTest` (for repositories) to test specific parts of the application in isolation.59- **Testcontainers:** Consider using Testcontainers for reliable integration tests with real databases, message brokers, etc.60 61## Security62 63- **Spring Security:** Use Spring Security for authentication and authorization.64- **Password Encoding:** Always encode passwords using a strong hashing algorithm like BCrypt.65- **Input Sanitization:** Prevent SQL injection by using Spring Data JPA or parameterized queries. Prevent Cross-Site Scripting (XSS) by properly encoding output.