Java Backend Developer Interview Questions: Spring Boot, JPA, APIs

Introduction

Java backend interviews usually test whether you can build and operate reliable APIs, not whether you can recite framework names. Expect questions on Spring Boot, REST design, persistence, transactions, testing, security, observability, and tradeoffs in microservice systems.

Use this guide to prepare answers that connect concepts to real work: what the feature does, when you would use it, what can go wrong, and how you would debug or test it. In 2026, it is also worth being comfortable with Java 17+ baselines, Java 21/25 discussions, Spring Boot 3/4 projects, and modern OAuth2/JWT API security.

How to use this guide

• Start with the easy Spring Boot and Java fundamentals, then rehearse the medium and hard questions out loud.
• For each answer, add one project example from your own resume or portfolio.
• When a question involves a tradeoff, name the default you would choose and the signal that would make you change it.
• If your resume mentions microservices, JPA, Kafka, Docker, or cloud deployment, prepare one concrete failure or debugging story.

---

Spring Boot Core Concepts

1. What is Spring Boot and how does it differ from the traditional Spring Framework?

Answer: Spring Framework provides the core container, dependency injection, web framework, data access integration, transaction support, and enterprise programming model. It is powerful, but a traditional Spring app often requires more explicit setup.

Spring Boot builds on Spring Framework and makes production applications faster to start and easier to configure. Key differences:

• Auto-configuration: Creates sensible beans based on classpath dependencies and your explicit configuration.
• Starters: Provide curated dependency sets such as spring-boot-starter-web, spring-boot-starter-data-jpa, and spring-boot-starter-security.
• Embedded servers: Package an app with Tomcat, Jetty, or Undertow instead of deploying a WAR to a separate server.
• Production defaults: Actuator, externalized configuration, logging, profiles, and health/metrics integration are designed into the app model.

A strong interview answer adds that Boot does not replace Spring; it removes boilerplate and gives conventions you can override when needed.

Rarity: Common Difficulty: Easy

---

2. Explain the @SpringBootApplication annotation.

Answer: It is a convenience annotation that combines three other annotations:

1. @Configuration: Marks the class as a source of bean definitions.
2. @EnableAutoConfiguration: Tells Spring Boot to start adding beans based on classpath settings, other beans, and various property settings.
3. @ComponentScan: Tells Spring to look for other components, configurations, and services in the current package and sub-packages.

Rarity: Common Difficulty: Easy

---

3. What is Dependency Injection (DI) and Inversion of Control (IoC)?

Answer:

• IoC: A principle where the control of object creation and management is transferred from the programmer to a container (Spring IoC Container).
• DI: A design pattern used to implement IoC. Instead of an object creating its dependencies, they are "injected" into it (via Constructor, Setter, or Field).
• Benefit: Decoupling, easier testing (mocking dependencies), and better maintainability.

Rarity: Very Common Difficulty: Medium

---

4. What are Spring Boot Starters? Give examples.

Answer: Starters are a set of convenient dependency descriptors that you can include in your application. They contain all the dependencies you need to get a project up and running quickly with a consistent, supported set of managed transitive dependencies.

• Examples:
  • spring-boot-starter-web: For building web applications (includes Tomcat and Spring MVC).
  • spring-boot-starter-data-jpa: For using Spring Data JPA with Hibernate.
  • spring-boot-starter-test: For testing (includes JUnit, Mockito).
  • spring-boot-starter-security: For Spring Security.

Rarity: Common Difficulty: Easy

---

5. What is Spring Boot Actuator?

Answer: Spring Boot Actuator adds production-oriented endpoints and integrations for monitoring and managing an application. It is commonly used in backend interviews because it connects code to operations.

• Health and readiness: /actuator/health can show whether the app and dependencies are ready to serve traffic.
• Metrics: Actuator integrates with Micrometer so metrics can be exported to systems such as Prometheus, Datadog, or New Relic.
• Info and environment: Endpoints can expose build info, selected configuration, loggers, mappings, and other diagnostics when enabled.
• Security: Do not expose every actuator endpoint publicly. In production, restrict sensitive endpoints and publish only what operators need.

Rarity: Common Difficulty: Medium

---

Microservices & Architecture

6. What are the benefits of Microservices over Monolithic Architecture?

Answer:

• Scalability: Individual services can be scaled independently based on demand.
• Technology Agnostic: Different services can use different technologies (Java, Go, Python) best suited for the task.
• Fault Isolation: A failure in one service doesn't necessarily bring down the entire system.
• Independent Deployment: Teams can deploy services independently, enabling faster release cycles (CI/CD).

Rarity: Common Difficulty: Medium

---

7. What is an API Gateway? Why use it?

Answer: An API Gateway is a server that acts as a single entry point into the system. It takes all API calls from clients, then routes them to the appropriate microservice.

• Functions: Request routing, composition, and protocol translation.
• Cross-cutting concerns: Authentication, SSL termination, Rate Limiting, Caching, Logging.
• Examples: Spring Cloud Gateway, Netflix Zuul, Kong.

Rarity: Very Common Difficulty: Medium

---

8. Explain Service Discovery (Eureka).

Answer: In a microservices environment, service instances have dynamic IP addresses. Service Discovery is a mechanism for services to find each other.

• Eureka Server: Acts as a service registry.
• Eureka Client: Microservices register themselves with the Eureka Server on startup and send heartbeats.
• Discovery: When Service A needs to call Service B, it asks Eureka for the address of Service B.

Rarity: Common Difficulty: Medium

---

9. What is the Circuit Breaker Pattern?

Answer: The Circuit Breaker pattern prevents an application from repeatedly trying to execute an operation that's likely to fail (e.g., calling a down service).

• States:
  • Closed: Requests flow normally.
  • Open: Requests are blocked immediately (fail fast) to allow the failing service to recover.
  • Half-Open: A limited number of requests are allowed through to test if the service has recovered.
• Tools: Resilience4j (recommended), Hystrix (deprecated).

Rarity: Very Common Difficulty: Hard

---

Database & JPA

10. What is JPA and Hibernate?

Answer:

• JPA (Java Persistence API): A specification for accessing, persisting, and managing data between Java objects and a relational database. It is just an interface.
• Hibernate: The most popular implementation of the JPA specification. It is an ORM (Object-Relational Mapping) tool.

Rarity: Common Difficulty: Easy

---

11. Explain the N+1 Select Problem in Hibernate.

Answer: The N+1 problem happens when one query loads a list of parent records and then the ORM runs one extra query per parent to load a related collection or entity.

• Scenario: Fetch 50 Author rows with one query. Then loop over them and call author.getBooks(). Hibernate may run 50 more queries, one for each author.
• Why it matters: It can look fine in development but become slow in production as the list grows.
• Fixes: Use JOIN FETCH in JPQL/HQL, an EntityGraph, a fetch profile, or a purpose-built DTO query when that screen or API needs the related data.
• Tradeoff: Do not mark every association eager by default. Fetch only what a use case needs, or you may create large joins and load too much data.

Rarity: Very Common Difficulty: Medium

---

12. What is the difference between @Entity, @Table, and @Column?

Answer:

• @Entity: Specifies that the class is an entity and is mapped to a database table.
• @Table: Optional. Specifies the name of the database table to be used for mapping. If omitted, the class name is used.
• @Column: Optional. Specifies the details of the column to which a field or property will be mapped. If omitted, the field name is used.

Rarity: Common Difficulty: Easy

---

Security & Testing

13. How do you secure a Spring Boot application?

Answer: Use Spring Security as the base, then describe the security model for the type of application. A strong interview answer separates authentication, authorization, token validation, and operational safeguards.

• Authentication: Verify who is calling the API, commonly through OAuth2/OIDC, session login, or service-to-service credentials.
• Authorization: Restrict what the caller can do with roles, scopes, method security such as @PreAuthorize, and endpoint-level rules in a SecurityFilterChain.
• JWT/OAuth2 resource server: For stateless APIs, validate bearer tokens, issuer, expiry, signature, and scopes instead of trusting token contents blindly.
• API hardening: Enforce HTTPS, CORS intentionally, CSRF where browser sessions are used, safe error responses, rate limits, and audit logging for sensitive actions.

Rarity: Common Difficulty: Medium

---

14. What is the difference between @Mock and @InjectMocks in Mockito?

Answer:

• @Mock: Creates a mock object of the class/interface. It does not have any real behavior; you define its behavior using when(...).thenReturn(...).
• @InjectMocks: Creates an instance of the class and injects the mocks that are created with the @Mock (or @Spy) annotations into this instance. Used for the class under test.

Rarity: Common Difficulty: Medium

---

15. How do you handle transactions in Spring Boot?

Answer: Using the @Transactional annotation.

• Mechanism: Spring creates a proxy around the class/method. It starts a transaction before the method execution and commits it after the method returns. If a RuntimeException is thrown, it rolls back the transaction.
• Propagation: You can configure how the transaction relates to existing transactions (e.g., REQUIRED, REQUIRES_NEW).

Rarity: Common Difficulty: Medium

---

Advanced Topics

16. What is Spring Cloud Config?

Answer: Spring Cloud Config provides server-side and client-side support for externalized configuration in a distributed system.

• Config Server: Central place to manage external properties for applications across all environments. It can be backed by Git, SVN, or Vault.
• Benefit: You can change configuration without redeploying the application (using @RefreshScope).

Rarity: Uncommon Difficulty: Medium

---

17. Explain the difference between Singleton and Prototype scope in Spring Beans.

Answer:

• Singleton (Default): Only one instance of the bean is created per Spring IoC container. It is cached and reused.
• Prototype: A new instance is created every time the bean is requested.
• Others: Request, Session (web-aware scopes).

Rarity: Common Difficulty: Easy

---

18. What is the difference between Checked and Unchecked exceptions in Java?

Answer:

• Checked Exceptions: Inherit from Exception (but not RuntimeException). The compiler forces you to handle them (try-catch) or declare them (throws). Example: IOException, SQLException. Represent recoverable conditions.
• Unchecked Exceptions: Inherit from RuntimeException. The compiler does not force you to handle them. Example: NullPointerException, IllegalArgumentException. Represent programming errors. Spring's @Transactional rolls back only on unchecked exceptions by default.

Rarity: Common Difficulty: Easy

---

19. How does Garbage Collection work in Java?

Answer: Garbage Collection automatically reclaims heap memory from objects that are no longer reachable. In an interview, explain the model first, then mention the operational tradeoffs.

• Reachability: Objects that cannot be reached from live references are eligible for collection.
• Generational behavior: Many collectors optimize for the fact that most objects are short-lived.
• Pauses and throughput: GC can introduce pauses, so backend systems watch latency, allocation rate, heap size, and pause time.
• Common collectors: G1 is a common default in modern server-side Java; ZGC and Shenandoah are low-latency options for workloads that need shorter pauses.
• Debugging: Use GC logs, heap dumps, allocation profiling, and metrics before changing collector flags.

Rarity: Common Difficulty: Hard

---

20. What are Java Streams?

Answer: Java Streams are a functional-style API for processing sequences of data from collections, arrays, files, or generated sources. They make transformations and filtering more declarative, but they are not a replacement for every loop.

• Intermediate operations: filter, map, sorted, distinct, and limit build a lazy pipeline.
• Terminal operations: collect, toList, forEach, reduce, count, and anyMatch trigger execution.
• Best use: Clean transformations where each step is easy to read and has no side effects.
• Parallel streams: Useful only when the work is CPU-heavy, data can split well, and shared state is avoided. For request-handling code, measure before using them.

Rarity: Common Difficulty: Medium