Cheat Sheets

Three dense quick references by persona—core annotations and REST for juniors, security and testing for mid-level, and production tuning for seniors. Use Copy sheet for plain text, persona filters to focus one level, or print (Cmd/Ctrl+P).

junior mid senior

Junior Cheat Sheet

Stereotypes, DI, REST, validation, JPA basics, properties. Chapters: IoC & DI, Web MVC, Spring Data.

junior

Core stereotypes & DI

Annotation	Role	Notes
`@Component`	Generic Spring bean	Scanned in base package
`@Service`	Business logic	Semantic alias of `@Component`
`@Repository`	Persistence	Translates persistence exceptions
`@Configuration`	Java config class	Contains `@Bean` methods
`@Bean`	Factory method bean	Explicit registration
`@Autowired`	Inject dependency	Prefer constructor injection
`@Qualifier("name")`	Pick bean when multiple	With constructor param
`@Primary`	Default when ambiguous	On one implementation
`@Value("${key}")`	Inject property	Default: `${key:default}`
`@Profile("dev")`	Conditional bean	Activate via `spring.profiles.active`

@Service
class OrderService {
  private final OrderRepository orders;
  OrderService(OrderRepository orders) { this.orders = orders; }
}

Bean scopes

Scope	Lifecycle
`singleton` (default)	One instance per container
`prototype`	New instance per injection/getBean
`request` / `session`	Web-aware; one per HTTP request/session

REST controller annotations

Annotation	Purpose
`@RestController`	`@Controller` + `@ResponseBody` on class
`@RequestMapping("/api")`	Base path (class or method)
`@GetMapping` / `@PostMapping`	HTTP verb shortcuts
`@PutMapping` / `@PatchMapping` / `@DeleteMapping`	Update / partial / delete
`@PathVariable`	URI segment: `/orders/{id}`
`@RequestParam`	Query: `?page=0&size=20`
`@RequestBody`	Deserialize JSON body
`@ResponseStatus(HttpStatus.CREATED)`	Override default status
`ResponseEntity<T>`	Status + headers + body

@RestController
@RequestMapping("/api/orders")
class OrderController {
  @GetMapping("/{id}")
  OrderDto get(@PathVariable Long id) { return service.find(id); }

  @PostMapping
  @ResponseStatus(HttpStatus.CREATED)
  OrderDto create(@Valid @RequestBody CreateOrderRequest req) {
    return service.create(req);
  }
}

Validation

Annotation	Constraint
`@Valid` / `@Validated`	Trigger validation on object/param
`@NotNull` / `@NotBlank` / `@NotEmpty`	Presence
`@Size(min, max)`	String/collection length
`@Min` / `@Max`	Numeric bounds
`@Email` / `@Pattern`	Format
`@Positive` / `@PositiveOrZero`	Sign (Bean Validation 2.0+)

Spring Data JPA — essentials

API	Example
Repository	`interface OrderRepo extends JpaRepository<Order, Long>`
Query methods	`findByStatusAndCreatedAtAfter(String s, Instant t)`
`@Query`	JPQL: `@Query("SELECT o FROM Order o WHERE o.status = :s")`
`@Entity` / `@Id`	JPA mapping; `@GeneratedValue` for IDs
`@Transactional`	Transactional boundary on service methods
Pagination	`Page<Order> findByStatus(String s, Pageable p)`

@Transactional(readOnly = true)
public Order findById(Long id) {
  return repo.findById(id).orElseThrow(() -> new OrderNotFoundException(id));
}

application.properties / YAML

Property	Purpose
`spring.application.name`	Service name in logs/metrics
`server.port`	HTTP port (default 8080)
`spring.datasource.url`	JDBC URL
`spring.jpa.hibernate.ddl-auto`	`validate` prod; `update` dev only
`spring.profiles.active`	Active profile(s)
`logging.level.com.acme`	Package log level

Boot starter cheat map

Starter	Brings
`spring-boot-starter-web`	MVC, Tomcat, Jackson
`spring-boot-starter-data-jpa`	JPA, Hibernate, JDBC
`spring-boot-starter-validation`	Bean Validation
`spring-boot-starter-test`	JUnit 5, Mockito, AssertJ, MockMvc
`spring-boot-starter-actuator`	Health, metrics endpoints

Mid-Level Cheat Sheet

Transactions, security, caching, async, testing slices, Boot config. Chapters: Security, Caching, Testing, Boot Internals.

mid

@Transactional — propagation & isolation

Propagation	Behavior
`REQUIRED` (default)	Join existing or create new
`REQUIRES_NEW`	Suspend current; always new tx
`NESTED`	Savepoint within outer tx (JDBC)
`SUPPORTS`	Join if exists; non-tx otherwise
`NOT_SUPPORTED`	Suspend tx; run non-transactional
`MANDATORY`	Must have tx; else exception
`NEVER`	Must not have tx

Option	Typical use
`readOnly = true`	Queries; Hibernate skip dirty check
`rollbackFor = Exception.class`	Rollback on checked exceptions
`timeout = 30`	Seconds before tx timeout
`isolation = READ_COMMITTED`	Rare override; DB default usually fine

// Self-invocation bypasses proxy — call from another bean
@Transactional(propagation = Propagation.REQUIRES_NEW)
public void audit(Order order) { auditRepo.save(...); }

Spring Security — filter chain

Concept	Snippet / note
SecurityFilterChain	`@Bean SecurityFilterChain filterChain(HttpSecurity http)`
Authorize	`.authorizeHttpRequests(a -> a.requestMatchers("/public/**").permitAll().anyRequest().authenticated())`
Stateless JWT	`.sessionManagement(s -> s.sessionCreationPolicy(STATELESS))`
CSRF	Disable for stateless APIs: `.csrf(csrf -> csrf.disable())`
`@PreAuthorize`	`@PreAuthorize("hasRole('ADMIN')")` — enable method security
`@EnableMethodSecurity`	Replaces deprecated `@EnableGlobalMethodSecurity`
Test	`@WithMockUser(roles = "ADMIN")` on MockMvc tests

Caching annotations

Annotation	Effect
`@EnableCaching`	Activate cache abstraction
`@Cacheable("products")`	Cache return value; skip method on hit
`@CachePut`	Always run method; update cache
`@CacheEvict`	Remove entries (key or allEntries)
`@Caching`	Multiple cache ops on one method
`key`	SpEL: `key = "#id"` or `"#root.methodName"`
`unless`	SpEL: don't cache if true — `unless = "#result == null"`

@Cacheable(value = "orders", key = "#id")
public Order findById(Long id) { return repo.findById(id).orElseThrow(); }

@CacheEvict(value = "orders", key = "#order.id")
public void update(Order order) { repo.save(order); }

Async, scheduling & events

Annotation	Purpose
`@EnableAsync`	Enable `@Async` methods
`@Async`	Run on task executor thread pool
`@EnableScheduling`	Enable `@Scheduled`
`@Scheduled(cron = "0 0 * * * *")`	Cron (6-field with seconds in Spring)
`@Scheduled(fixedDelay = 5000)`	Delay after previous completion
`ApplicationEventPublisher`	Publish domain events
`@EventListener`	Handle event; `@Async` for async handler
`@TransactionalEventListener`	After commit / rollback phase

Test slices — pick the right one

Annotation	Loads	Speed
`@WebMvcTest`	Controllers + MVC; mock services	⚡ fastest web
`@DataJpaTest`	JPA + embedded DB; tx rollback	⚡ fast persistence
`@JsonTest`	Jackson only	⚡ fast serialization
`@RestClientTest`	RestTemplate/WebClient + mock server	Fast client
`@SpringBootTest`	Full context	Slow — few tests
`@MockBean`	Replace bean in test context	—
`@SpyBean`	Wrap real bean; partial mock	—

@WebMvcTest(OrderController.class)
class OrderControllerTest {
  @Autowired MockMvc mockMvc;
  @MockBean OrderService orders;

  @Test void get() throws Exception {
    when(orders.find(1L)).thenReturn(dto);
    mockMvc.perform(get("/api/orders/1"))
        .andExpect(status().isOk())
        .andExpect(jsonPath("$.id").value(1));
  }
}

MockMvc matchers

Matcher	Example
`status()`	`.andExpect(status().isCreated())`
`jsonPath()`	`.andExpect(jsonPath("$.items", hasSize(3)))`
`content()`	`.andExpect(content().contentType(APPLICATION_JSON))`
`header()`	`.andExpect(header().exists("Location"))`
`andDo(print())`	Debug request/response

Spring Boot — config & conditions

Mechanism	Use
`@ConditionalOnProperty`	Feature flag beans
`@ConditionalOnClass`	Auto-config when class present
`@ConfigurationProperties`	Type-safe config prefix binding
`@RefreshScope`	Cloud: rebind on config refresh
`spring.config.import`	Import optional config trees
Actuator	`/actuator/health`, `/actuator/info`, `/actuator/metrics`

JPA pitfalls — quick fixes

Problem	Fix
N+1 queries	`@EntityGraph`, `JOIN FETCH`, `@BatchSize`
LazyInitializationException	Fetch in tx; DTO projection; `@Transactional` on read
Dirty reads in long tx	Short transactions; readOnly for queries
equals/hashCode on entities	Business key or ID only — not collections

Spring Batch — job essentials

Concept	Notes
Chunk step	`.chunk(size, txManager).reader().processor().writer()`
JobParameters	Unique params per run; `RunIdIncrementer`
Skip / retry	`.faultTolerant().skipLimit().retryLimit()`
`@StepScope`	Beans using `jobParameters`
Disable auto-run	`spring.batch.job.enabled=false`

Senior / Architect Cheat Sheet

AOP proxies, WebFlux, observability, production tuning, architecture decisions. Chapters: AOP, WebFlux, Observability, Batch.

senior

AOP — JDK vs CGLIB proxy

	JDK dynamic proxy	CGLIB subclass
Requires	Interface	Concrete class (non-final)
Used when	Bean implements interface(s)	No interface or forced CGLIB
Self-invocation	Internal `this.method()` bypasses proxy — inject self or split bean
Annotations on proxy	`@Transactional`, `@Cacheable`, `@Async` need proxy call

@Aspect @Component
class TimingAspect {
  @Around("@annotation(Timed)")
  Object time(ProceedingJoinPoint pjp) throws Throwable {
    long start = System.nanoTime();
    try { return pjp.proceed(); }
    finally { log.info("{} took {}ms", pjp.getSignature(), (nanoTime()-start)/1e6); }
  }
}

WebFlux & Reactor — operator map

Operator	Use
`Mono<T>` / `Flux<T>`	0–1 / 0–N async publisher
`map`	Sync 1:1 transform
`flatMap`	Async 1:N — DB/HTTP calls
`zip` / `merge` / `concat`	Combine streams
`onErrorResume` / `retryWhen`	Recovery
`timeout` / `cache`	Deadline / memoize
`subscribeOn(boundedElastic)`	Blocking offload — never on event loop
`block()`	Tests/CLI only — not in controllers

@GetMapping("/{id}")
Mono<OrderDto> get(@PathVariable Long id) {
  return orders.findById(id).map(OrderDto::from);
}

// WebClient
client.get().uri("/rates").retrieve().bodyToMono(Rate.class)
    .timeout(Duration.ofSeconds(2))
    .retryWhen(Retry.backoff(3, Duration.ofMillis(100)));

WebFlux vs MVC + virtual threads

Choose WebFlux	Choose MVC (+ vthreads)
Streaming SSE / NDJSON	CRUD + JPA
Backpressure end-to-end	Team knows blocking stack
R2DBC / reactive drivers throughout	Java 21 `spring.threads.virtual.enabled=true`
High fan-out slow I/O composition	Complex ORM graphs

Observability — Micrometer meters

Meter	API
Counter	`registry.counter("orders.created", "channel", "web").increment()`
Timer	`registry.timer("checkout").record(() -> { ... })`
Gauge	`registry.gauge("queue.size", atomicInteger)`
DistributionSummary	`registry.summary("payload.bytes").record(n)`
Prometheus	`GET /actuator/prometheus`
Tag rule	Low cardinality only — no userId/orderId in labels

Distributed tracing (Boot 3)

Item	Detail
API	Micrometer Tracing (replaces Sleuth)
Brave bridge	Zipkin export — `management.zipkin.tracing.endpoint`
OTel bridge	`management.otlp.tracing.endpoint`
Sampling	`management.tracing.sampling.probability: 0.1`
Propagation	W3C `traceparent` header
Baggage	`management.tracing.baggage.remote-fields` — small, no PII
Logs	MDC `traceId` / `spanId` correlation

Logging & MDC production

Practice	Implementation
Structured JSON	logstash-logback-encoder in prod profile
MDC fields	`requestId`, `userId`, `traceId`
Async appender	`AsyncAppender` — don't block request thread
Config file	`logback-spring.xml` + `<springProfile>`
Levels	INFO prod; DEBUG per-package temporarily

Kubernetes health & shutdown

Endpoint / config	Purpose
`/actuator/health/liveness`	Restart if broken
`/actuator/health/readiness`	Remove from load balancer
`management.endpoint.health.probes.enabled`	Enable K8s probe URLs
`server.shutdown: graceful`	Drain in-flight requests
`spring.lifecycle.timeout-per-shutdown-phase`	Max drain time (e.g. 30s)
Custom	`HealthIndicator` for DB, Redis, partners

Testcontainers & integration

Pattern	Snippet
Static container	`static @Container PostgreSQLContainer`
Properties	`@DynamicPropertySource` or `@ServiceConnection` (Boot 3.1+)
WireMock	`@WireMockTest` — stub external HTTP
Context cache	Same slice config reuses context — avoid unique `@MockBean` sets
`@DirtiesContext`	Use sparingly — busts cache, slow CI

Spring Batch — parallelism & ops

Feature	When
Partitioning	Large table — split ID ranges across workers
Chunk size	Tune 100–500; align with JDBC batch
JobRepository	`BATCH_*` tables — backup & archive old runs
Restart	Failed job resumes from last committed chunk
Schedule	`@Scheduled` or K8s CronJob — not on startup

Auto-configuration debugging

Action	Command / flag
Conditions report	`--debug` or `logging.level.org.springframework.boot.autoconfigure=DEBUG`
Exclude auto-config	`@SpringBootApplication(exclude = DataSourceAutoConfiguration.class)`
Startup timeline	`spring-boot-starter-actuator` + `startup` endpoint (Boot 2.4+)
Bean override	Define your own `@Bean` — @ConditionalOnMissingBean backs off

Interview rapid-fire

Question	One-line answer
IoC vs DI?	IoC: container controls creation; DI: dependencies injected from outside
Constructor vs field injection?	Constructor: immutable, testable, required deps explicit
`@Transactional` on private method?	No effect — proxy can't intercept
`@WebMvcTest` vs full Boot test?	Slice: MVC only + mocks — faster, focused
Reactive vs virtual threads?	Reactive: programming model + backpressure; vthreads: scale blocking code
Liveness vs readiness?	Liveness: restart; readiness: stop traffic
High-cardinality metrics?	Explodes time series — use logs/traces for per-entity detail