Readiness Checklist
Use this page as the certification scoreboard.
For each item:
- Try to answer out loud.
- Open the model answers only after trying.
- If the model answer feels unfamiliar, use the study links.
Spring Core
- I can explain IoC without using the word magic.
- I can explain Dependency Injection and why constructor injection is preferred.
- I know what a Spring bean is.
- I know what
ApplicationContextdoes. - I can explain
BeanDefinitionvs bean. - I know when
@Primaryand@Qualifierare used.
Model Answers
IoC means Spring controls object creation and dependency management instead of application code creating everything manually.
Dependency Injection means a class receives dependencies from outside. Constructor injection is preferred because required dependencies are explicit, fields can be final, and tests can create the object directly.
A Spring bean is an object managed by the Spring IoC container.
ApplicationContext is the main Spring container. It creates, wires, configures, and manages beans.
BeanDefinition is the metadata or recipe that tells Spring how to create a bean. The bean is the actual object created from that recipe.
@Primary marks the default bean when multiple candidates exist. @Qualifier selects a specific bean explicitly.
Study links:
- Spring Core and Dependency Injection
- What Problem Does Spring Solve?
- ApplicationContext and BeanFactory
- Beans and Bean Definitions
- Dependency Injection Deep Dive
Configuration
- I can explain
@Configurationand@Bean. - I know when to use
@Componentvs@Bean. - I can explain profiles.
- I can explain singleton vs prototype scope.
- I know the main bean lifecycle phases.
- I know the trap with prototype beans injected into singleton beans.
Model Answers
@Configuration marks a class that declares bean definitions. @Bean marks a method whose return value becomes a Spring bean.
Use @Component for application classes that Spring can discover by scanning. Use @Bean for third-party classes, custom creation logic, or objects you cannot annotate.
Profiles activate environment-specific beans or configuration, such as dev, test, or prod.
Singleton scope means one bean instance per Spring container. Prototype scope means Spring creates a new instance when the bean is requested.
The main lifecycle is: create object, inject dependencies, run aware/post-processor callbacks, initialize, use bean, destroy on shutdown when applicable.
If a prototype bean is injected directly into a singleton, the singleton usually receives one prototype instance at creation time. Use a provider or lookup pattern when a fresh instance is needed.
Study links:
- Configuration, Profiles, Scopes, and Lifecycle
- Java Configuration,
@Configuration, and@Bean - External Configuration
- Spring Profiles
- Bean Scopes
- Bean Lifecycle
Spring Boot
- I know what
@SpringBootApplicationincludes. - I can explain starters.
- I can explain auto-configuration conditions and back-off.
- I can inspect why auto-configuration matched or did not match.
- I know the purpose of Actuator.
Model Answers
@SpringBootApplication combines @Configuration, @EnableAutoConfiguration, and @ComponentScan.
Starters are dependency bundles that pull in common libraries for a feature, such as web, data JPA, security, or actuator.
Auto-configuration creates beans based on classpath, properties, and missing user-defined beans. Back-off means Boot does not create its default bean when the application already defines one.
To inspect auto-configuration, use the conditions report, debug logging, or Actuator conditions endpoint.
Actuator exposes production diagnostics such as health, info, metrics, beans, mappings, scheduled tasks, and conditions.
Study links:
- Spring Boot and Auto-Configuration
- Spring Boot Mental Model
- Starters and Dependency Management
- Auto-Configuration Deep Dive
- Spring Boot Actuator
MVC and REST
- I can explain
DispatcherServlet. - I know
@Controllervs@RestController. - I know
@RequestParam,@PathVariable, and@RequestBody. - I know how validation is triggered.
- I know how
@ControllerAdvicehandles errors.
Model Answers
DispatcherServlet is the front controller in Spring MVC. It receives HTTP requests and coordinates handler mapping, controller invocation, binding, validation, and response writing.
@Controller is usually used for MVC views. @RestController equals @Controller plus @ResponseBody, so return values are written to the response body.
@RequestParam reads query parameters or form values. @PathVariable reads URI template variables. @RequestBody reads and converts the HTTP request body.
Validation is commonly triggered by placing @Valid or @Validated on a controller method parameter.
@ControllerAdvice applies exception handling, binding, or model advice across controllers. It is commonly used with @ExceptionHandler for consistent API errors.
Study links:
- Spring MVC and REST
- Spring MVC Mental Model
- Request Mapping Deep Dive
- Request and Response Bodies
- Exception Handling
- Validation
Data and Transactions
- I know what Spring Data JPA repositories provide.
- I can explain query methods.
- I know where
@Transactionalusually belongs. - I know rollback defaults.
- I know why self-invocation can break transaction expectations.
- I can explain lazy loading and N+1 at a high level.
Model Answers
Spring Data JPA creates repository implementations at runtime and provides common CRUD/query behavior from repository interfaces.
Query methods are repository methods where Spring derives the query from the method name, such as findByEmail.
@Transactional usually belongs on service-layer methods because services define business use cases and transaction boundaries.
By default, Spring rolls back on unchecked exceptions and errors. Checked exceptions do not roll back by default unless configured.
Self-invocation can bypass transactional proxies because the method call stays inside the same object instead of going through the Spring proxy.
Lazy loading means related data is loaded later when accessed. N+1 happens when one query loads parent rows and then one extra query runs for each related item.
Study links:
- Data Access and Transactions
- Spring Data JPA Mental Model
- Repository Query Methods
- Transactions Deep Dive
- Entity Relationships
- JPA Performance
Security
- I can explain authentication vs authorization.
- I know Spring Security uses filters before controllers.
- I know why passwords need
PasswordEncoder. - I understand 401 vs 403.
- I know what CSRF protects.
- I know what CORS controls.
Model Answers
Authentication asks who the user is. Authorization asks what the authenticated user is allowed to do.
Spring Security runs mainly through servlet filters before the request reaches a controller.
Passwords need PasswordEncoder so the application stores password hashes instead of plain text and can safely verify submitted passwords.
401 means the request is not authenticated. 403 means the request is authenticated but not allowed.
CSRF protects browser cookie-based applications from unwanted state-changing requests sent from another site.
CORS controls which browser origins may call the API across origins. It is a browser-enforced cross-origin rule, not authentication.
Study links:
- Spring Security
- Spring Security Mental Model
- Users, Passwords, and Authentication Flow
- Authorization Deep Dive
- CSRF, CORS, Sessions, Stateless APIs, and JWT
- Security Testing
Testing
- I know unit test vs slice test vs integration test.
- I know when to use
@WebMvcTest. - I know when to use
@DataJpaTest. - I know when to use
@SpringBootTest. - I know what MockMvc does.
- I know what
@MockBeanor@MockitoBeandoes.
Model Answers
A unit test tests one class without Spring. A slice test loads one part of Spring, such as MVC or JPA. An integration test checks multiple layers together.
Use @WebMvcTest for controller, routing, binding, validation, JSON, and error response behavior.
Use @DataJpaTest for repositories, entity mappings, queries, and database persistence behavior.
Use @SpringBootTest when the test needs the full application context or multiple layers working together.
MockMvc performs HTTP-like MVC requests without starting a real server.
@MockBean or @MockitoBean replaces a Spring bean in the application context with a Mockito mock.
Study links:
- Testing
- Spring Boot Testing Mental Model
- Unit Testing Services
- Web Layer Testing
- Integration Testing Review
AOP and Proxies
- I can explain what an aspect is.
- I know advice, pointcut, and join point.
- I know Spring AOP is proxy-based.
- I know JDK proxy vs CGLIB proxy.
- I know why self-invocation matters.
Model Answers
An aspect groups cross-cutting behavior, such as logging, transactions, security, or caching.
Advice is the code that runs. A pointcut selects where it runs. A join point is a point in execution where advice can apply.
Spring AOP is proxy-based, so advice runs when method calls go through the Spring proxy.
JDK dynamic proxies proxy interfaces. CGLIB proxies classes by subclassing them.
Self-invocation matters because a method calling another method on the same object bypasses the proxy, so proxy-based behavior may not run.
Study links:
Final Topics
- I know Spring events are synchronous by default.
- I know
@TransactionalEventListener(AFTER_COMMIT). - I know
fixedRatevsfixedDelay. - I know
@Asyncis proxy-based. - I know Actuator endpoints must be secured.
Model Answers
Spring events are synchronous by default, so the publisher waits for listeners unless async execution is configured.
@TransactionalEventListener(phase = AFTER_COMMIT) runs the listener after the surrounding transaction commits successfully.
fixedRate measures start-to-start. fixedDelay measures finish-to-next-start.
@Async is proxy-based, so the method must be called through the Spring proxy. Self-invocation can bypass async behavior.
Actuator endpoints can expose sensitive operational data, so production exposure should be limited and secured.
Study links:
- Events, Scheduling, Async, and Observability
- Spring Events
- Scheduling and Async
- Spring Boot Actuator
- Final Actuator and Observability Review
Ready Rule
If you cannot explain a checked item in two or three sentences, uncheck it and study one targeted link instead of rereading the whole book.