- Filters are called before a request hits the DispatcherServlet. They allow for interception-style, chained processing of web requests for security, timeouts, and other purposes.
- Filters are used with a checksum algorithm that will filter invalid bytes out of a byte stream request body and allow for processing of HTTP requests from the DispatcherRequestServlet.
- Filters are used with a checksum algorithm that will filter invalid bytes out of an octet stream a multipart upload and allow for chained processing of WebDispatcherServlet requests.
- Filters are used to validate request parameters out of the byte stream request body and allow for processing of requests from the DispatcherRequestServlet.
Reference: HandlerInterceptors vs. Filters in Spring MVC. Also there is no such thing as DispatcherRequestServlet in Spring.
- A resource is the actual String literal that composes a URI that is accessed on a RESTful web service.
- It is an abstract concept that represents a typed object, data, relationships, and a set of methods that operate on it that is accessed via a URI.
- A REST service has a pool of resources composed of allocations of memory that allow a request to be processed.
- A resource for a REST service is an explicit allocation of a thread or CPU cycles to allow a request to be processed.
- @AfterError
- @AfterReturning
- @AfterException
- @AfterExecution
- It supports internationalization of web applications by detecting a user's locale.
- It generates a view by mapping a logical view name returned by a controller method to a view technology.
- It creates a unique view determined by the uers's browser type,supporting cross-browser compatibility.
- It maps custom parameters to SQL views in the database, allowing for dynamic content to be created in the response.
- Spring automatically generated code for you based on your YAML config that defined a MethodInterceptor chain that intercept calls to the instance and computed SQL on the fly.
- A JDK proxy instance is created, which backs the repository interface, and a MethodInterceptor intercepts calls to the instance and routes as required.
- The Spring JDK proxy creates a separate runtime process that acts as an intermediary between the database and the Web server, and intercepts calls to the instance and handles requests.
- Spring automatically generated code for you based on your XML config files that define a SpringMethodAutoGeneration factory that intercepts calls to the instance and creates dynamic method that computer SQL on the fly.
- SpEL(Spring Expression Language) runs in the JVM and can act as a drop-in replacement for Groovy or other languages.
- SpEL(Spring Expression Language) supports boolean and relational operators and regular expressions, and is used for querying a graph of objects at runtime.
- SpEL(Spring Expression Language) allows you to build, configure,and execute tasks such as building artifacts and downloading object dependencies.
- SpEL(Spring Expression Language) natively transpiles one JVM language to another, allowing for greater flexibility.
- dynamic chaining
- banding
- weaving
- interleaving
- JDK Dynamic proxy can proxy only interface, so it is used if the target implements at least one interface. A CGLIB proxy can create a proxy by subclassing and is used if the target does not implement an interface.
- Only JDK Dynamic proxies are used in the Spring Bean Lifecycle. CGLIB proxies are used only for integrating with other frameworks.
- Only CGLIB proxies are used in the Spring Bean Lifecycle. JDK Dynamic proxies are used only for integrating with other frameworks.
- JDK Dynamic proxy can only using an abstract class extended by a target. A CGLIB proxy can create a proxy through bytecode interweaving and is used if the target does not extend an abstract class.
- getArgs()
- getExceptions()
- getSignature()
- getTarget()
Q10. In what order do the @PostConstruct annotated method, the init-method parameter method on beans and the afterPropertiesSet() method execute?
- 1. afterPropertiesSet() 2. init-method 3. @PostConstruct
- 1. @PostConstruct 2. afterPropertiesSet() 3. init-method
- 1. init-method 2. afterPropertiesSet() 3. @PostConstruct
- You cannot use these methods together-you must choose only one.
- It's a transaction attribute configured by
spring.security.transactions.xml
config file that uses Spring's transaction implementation and validation code. - It's a transaction that must actively validate by the bytecode of a transaction using Spring's
TransactionBytecodeValidator
class. Default Transaction behavior rolls back on validation exception but commits on proper validation - It creates a proxy that implements the same interface(s) as the annotated class, allowing Spring to inject behaviors before, after, or around method calls into the object being proxied.
- It's a transaction that must be actively validated by Spring's
TransactionValidator
class using Spring's transaction validation code. Default Transaction behavior rolls back on validation exception.
@SpringBootApplication
public class App {
public static void main(String args[]) {
SpringApplication.run(App.class, args);
System.out.println("startup");
}
}
public class Print implements InitializingBean {
@Override
public void afterPropertiesSet() throws Exception {
System.out.println("init");
}
}
- Nothing will print
- startup init
- init
- startup
@Component
public class Test implements InitializingBean {
@Autowired
ApplicationContext context;
@Autowired
static SimpleDateFormt formatter;
@Override
public void afterPropertiesSet() throws Exception {
System.out.println(context.containsBean("formatter") + " ");
System.out.println(context.getBean("formatter").getClass());
System.out.println(formatter.getClass());
System.out.println(context.getClass());
}
}
@Configuration
class TestConfig {
@Bean
public SimpleDateFormat formatter() {
return new SimpleDateFormat();
}
}
- formatter.getClass()
- context.getClass()
- context.getBean("formatter").getClass()
- context.containsBean("formatter")
- SpringInitContainer
- ResourceLoader
- ApplicationEventPublisher
- BeanFactory
- @Secured
- @RequiresRole
- @RestrictedTo
- @SecurePath
Q16. What is the result of calling the map controller method using the HTTP request GET localhost:8080/map?foo=foo&bar=bar ?
@RestController
public class SampleController {
@RequestMapping("/map")
public String map(@RequestParam("bar") String foo, @RequestParam("foo") String bar) {
return bar + foo;
}
}
- An InvalidParameterNameMappingException is thrown at runtime.
- barfoo
- foobar
- A status code of 400 Bad Request is returned.
- It prevents a bean from being created and injected until you run a specific CLI command. It reduces complexity in the application.
- It can be applied to a bean so that the bean is not persisted in the database. It reduces the number of database operations.
- It can be applied to a bean so that the bean is not created and injected until it is needed. It can help speed up startup time for your application.
- It prevents a bean from being created and injected until it receives a HTTP request to a callback hook. It reduces disk footprint.
- a method by which objects define dependencies they need as abstractions that allows the framework to instantiate and configure them in a central location at runtime.
- a paradigm where dependent code is injected into the bytecode of a Java application on a remote server.
- a way of injecting remote dependencies into a pre-packaged JAR file from the file system.
- a way of injecting remote dependencies into a pre-packaged WAR file from the file system.
- Reactive Enterprise Status Transfer is a web service comprising a set of guidelines and technical constraints for web services that monitor and alert of a set of mission-critical resources.
- Representational State Transfer an architectural style for creating web services that includes client-server architecture, statelessness, cacheability, a layered system, and a uniform interface.
- Redundant Enumerated State Transfer is a web service that provides redundancy in the case of failure and outlines technical constraints for web services that have access to resources.
- Reactive Enterprise State Transfer is a web service comprising a set of guidelines and technical constraints for web services y that have access to resources and are async in nature.
- A controller bean definition is defined in the servlet's WebApplicationContext. The class is marked as a web component, and you can map requests to controller methods.
- A controller bean definition is defined in the Web Context, and Web Servlet is marked as a component that reads mapped controller requests from an XML config file.
- A controller bean definition is defined in the Tomcat Context, and the Controller Servlet is marked as a web component that reads mapped controller requests from a YAML config file.
- A controller bean definition is defined in the Servlet Context, and the Controller Servlet is marked as a component that reads mapped controller requests from an XML config file.
- Port
- spring.port
- spring.settings.port
- server.port
- to validate the char array contained in a response to ensure that it is a valid character encoding
- to generate a local byte stream from the body of a response that allows a request to be scanned for security risks
- to indicate whether a handler method return value should be bound to the web response body in servlet environments
- to ensure a ThreadLocal byte stream that allows a response to be encoded for reading directly into a socket stream
- Mockito will spin up a mock web service hosted in a Docker container that can respond to HTTP requests to mock out third-party APIs.
- Mockito can use annotations or factory methods to create mock objects that may be injected into tests in place of dependencies. The behavior of mocks can be explicitly configured.
- Mockito will create mock users to repeatedly perform requests against your Spring application to test your app's ability to take load.
- Mockito will spin up a mock web service hosted in a Docker container that can respond to RPC calls to mock out remote resources.
- DispatchingDelegatorServlet
- DispatcherServlet
- Router
- FrontControllerServlet
- It instantiates and configures objects, supplied at runtime, to classes that define them as a dependency.
- It allows the front-end code to manage the ResponseBody objects provided by a back-end REST API.
- It allows a database to define business objects via a shared schema at compile time.
- It facilitates a remote server to configure a local application.
- feature that scans packages for classes with specific annotations and, when found, creates their bean definitions within the IoC container
- paradigm where bytecode is actively scanned to identify additional optimizations to inject into components in the application context
- a method by which cloud repositories are scanned to identify components for injection into an IoC container
- a method by which binary data in a database is searched to identify components for injection into the IoC container
- This annotation takes the String literal passed into the annotation as a parameter and automatically generates all the code for your application as per the passed in template parameter.
- This compound annotation applies the @Bootable, @Springify, and @StandardConfig annotations that launch a CLI tool after launching the Spring Boot WAR file that will guide you through a series of prompts to set up your app.
- This annotation scans the provided spring-boot-config-construction.yaml file in your root directory and automatically generates all the code for your application as defined in the YAML file.
- Queries are explicitly coded in repository implementations using the Spring Data CriteriaBuilder.
- Query metadata is stored in the underlying datastore and retrieved at runtime per repository.
- Queries are derived from the signatures of methods on a Spring Data repository that contain keywords in their name for constructing the query logic.
- A spring-data-queries.xml file contains queries within entity tags that specify the query logic for each repository.
Q29. How does Spring generate bean names for classes annotated with @Component that do not specify a name?
- It uses the short name of the class with the first letter in lowercase.
- It uses the short name of the class.
- It uses the short name of the class in uppercase.
- It uses the canonical name of the class in lowercase.
- It's the servlet filter chain proxy that handles all requests to the route defined in spring.security.xml. All calls to the filter proxy are forwarded to the ErrorDispatcherServlet.
- It's the servlet filter chain that handles requests to the route defined in spring.security.factories. All calls to the filter proxy y are forwarded to the ErrorServlet.
- It's the servlet filter proxy delegating to a filter bean specified in web.xml. All calls to the filter proxy will be delegated to that servlet filter bean.
- It's the web servlet daemon filter proxy that delegates to a bean specified in spring.security.factories. All calls to the filter proxy that do not contain a proper route will return an error.
Reference: Overview and Need for DelegatingFilterProxy in Spring
- It helps monitor and manage a Spring Boot application by providing endpoints such as health checks, auditing, metrics gathering, and HTTP tracing.
- It provides out-of-the-box functionality that integrates with third-party metrics platforms to automatically scale up and down the number of threads in threadpools.
- It's a CLI that allows you to modify the configuration of a running Spring Boot application without the need for restarting or downtime.
- It provides out-of-the-box functionality that integrates wiltr?third-party metrics platforms to automatically scale up and down the number of instances of the Spring Boot application.
Reference: Spring Boot Actuator
- It introspects the local machine and automatically provisions resources based on certain contextual configuration files.
- It automatically generates comments for annotated classes on autowired dependencies to provide additional context about dependencies.
- It defines metadata at the class-level to determine how to load or configure an ApplicationContext in Spring integration tests.
- It automatically generates JavaDocs for annotated classes to provide additional context about the purpose of the class.
Reference: @ContextConfiguration Example in Spring Test
- Authentication is the act of granting access to specific resources and functions based on config settings. Authorization is the act of introspecting a user's credentials to ensure they are not impersonating another user.
- Authentication is the act of verifying certain resources and functions are actually valid. Authorization is the act of verifying a user's credentials have not expired.
- Authentication is the act of verifying that certain resources and functions actually exist in the database. Authorization is the act of verifying a user's credentials to ensure they are valid.
- Authentication is validating that users are who they claim to be. Authorization is granting access to specific resources and functions.
- to create a ThreadLocal byte stream that allows a request to be encoded for reading directly into a database
- to automatically generate a ThreadLocal byte stream from the body of a request that allows a request to scanned for security risks
- to indicate whether an annotated handler method parameter should be bound to the web request body, which is converted by an HttpMessageConverter
- to automatically validate the characters contained in a request to ensure that they are a valid character encoding
- The DispatcherServlet process daemon assigns a separate Web Servlet Container process to each HTTP request that comes into the web server.
- It is a servlet that dispatches HTTP requests to registered handlers/controllers for processing.
- The DispatcherServlet API assigns a separate Web Servlet Node process to each additional HTTP request that comes into the web server.
- It is a servlet that dispatches an array of background daemon processes that allocate memory and CPU cycles to each request.
- It triggers a local automated review of configuration files such as web.xml and detects possible security issues or automatically resolves circular dependencies.
- It triggers an automated review of configuration by a web-based agent that reviews your existing web.xml file and detects possible security issues.
- It's an opinionated, intelligent method of introspecting an app to configure beans that are likely to be needed. This configuration can be overridden over time with manual configuration.
- It provides plug-in functionality while editing your web.xml and other config files that will autocomplete common dependencies while typing.
- Add an @EnableJpaRepositories annotation to your configuration class and create a Spring Data Repository.
- Add an @EnableJpaEntities annotation to your configuration class, create a Spring Data YAML configuration file, and manually update the Spring XML config files to define your repository locations.
- Add an @EnableDbFunctionality annotation to your configuration class, create a Spring Data XML configuration file, and manually update the Spring factories file to define your repositories.
- Add an @InitJpaEntities annotation to your configuration class, create a Spring Data properties configuration file, and manually update the Spring startup parameters to define your repository locations.
- a version-controlled schema change that is applied to a database
- a sequence of actions representing a single unit of work managed as a single operation that can be either committed or rolled back
- an encoded message and response between various shards of a database
- an exchange or interaction between various worker nodes in a multithreaded environment
- multiclass
- aspect
- crosscut
- sidecut
- any of these answers
- Annotate a Setter method with the @Autowired annotation.
- Specify parameters in the constructor with an optional @Autowired annotation.
- Use field injection.
Q41. Consider the properties file application.properties. How would you load the property my.property?
my.property=Test
- A
@Prop("${my.property}")
private String val;
- B
@GetVal("my.property")
private String val;
- C
@GetProperty("${my.property}")
private String val;
- D
@Value("${my.property}")
private String val;
- a managed dependency defined by configuration metadata that can be injected into downstream classes
- a binary-encoded, agnostic, named entity that is translatable between different data formats
- a payload that is transferable between different services in a Service-Oriented Architecture (SOA)
- a discrete piece of data that is encoded in a binary format for persisting to a file system
- application properties located in an application.properties file outside the application.jar
- @PropertySource annotations on configuration classes
- profile-specific application-{profile}.properties files
- application properties located in an application.properties file inside the application.jar
- Persist bean definitions into a database
- Instance bean objects
- De-normalize bean definition
- Use reflection to inject bean objects into the servlet container
Q45. What Spring Boot property is used to set the logging level for the entire application in the application.properties file?
- logging.settings
- log.level
- root.logger.level
- logging.level.root
Reference: Logging in Spring Boot
- an autogenerated UUID
- a unique String name
- an auto-incremented Integer ID
- an ID derived from its location in memory
- Spring Boot can create a self-executable WAR file that runs without needing a servlet container. A JAR file has to be deployed to an existing web container such as Tomcat with separate files for dependencies.
- Spring Boot can create a JAR file that contains bytecode that interacts directly with the OS without needing a servlet container. A WAR file has to be deployed to an existing web container such as Tomcat with separate files for dependencies.
- The Spring Boot JAR file will be deployed to a Servlet container such as Tomcat on an existing running web server locally. The WAR file will be deployed to a cloud-based servlet container.
- Spring Boot can create a self-executable JAR file that contains all the dependencies and an embedded Servlet container. A WAR file has to be deployed to an existing web container such as Tomcat.
- It ensures that transactions that are commited to the database are propagated to all the shards of a clustered database system.
- None of these answers is correct.
- It guarantees that transactions that are submitted to the database cluster are propagated to all the nodes of a clustered database cloud.
- It enforces that a logical transaction scope is created for each method that determines rollback-only status, with an outer transaction scope being logically independent from the inner transaction scope.
@Component
public class Test implements InitializingBean {
@Autowired
ApplicationContext context;
private TestService service;
public void setService(TestService service) {
this.service = service;
}
@Override
public void afterPropertiesSet() throws Exception {
System.out.print(context.containsBean("testService") + " ");
System.out.println(service.getClass());
}
}
@Service
class TestService {}
- a null pointer stacktrace
- true null
- true package.TestService
- false package.TestService
Explanation: missing @Autowired
on private TestService service
or on the setter
Q50. To register a custom filter that applies only to certain URL patterns, you should remove the _ annotation from the filter class and register a @Bean of type _
in Spring @Configuration.
- @RequestMapping; WebRequest
- @Controller; URLFilter
- @WebFilter; ServletContextInitializer
- @Component; FilterRegistrationBean
- A predicate that matches join points.
- A point during the execution of a program, such as the execution of a method or the handling of an exception.
- An action taken by an aspect at a particular join point.
-
1. Pointcut 2. Advice 3. Join point
-
1. Join point 2. Pointcut 3. Advice
-
1. Advice 2. Pointcut 3. Join point
-
1. Pointcut 2. Join point 3. Advice
- Passwords should be hashed using an adaptive one-way function such as bcrypt.
- Passwords can be stored in a BASE64 encoded format if they are stored in a private database.
- Passwords should be salted and hashed using the MD5 algorithm.
- Passwords should be hashed using the SHA-1 algorithm, then salted to provide defence against rainbow table attacks.
Explanation: sha-1 is not considered secure anymore: https://en.wikipedia.org/wiki/SHA-1#Attacks . With bcrypt you can select more complex hashes https://en.wikipedia.org/wiki/Bcrypt
@target(com.linkedin.annotation.Loggable)
- any join point where the target object has a @Loggable annotation
- any join point where the executing method has a @Loggable annotation
- any method that implements Loggable
- any method that extends Loggable
Reference: Difference between @target and @within (Spring AOP)
@Component
public class Test implements InitializingBean {
@Autowired
ApplicationContext context;
@Autowired
SimpleDateFormat formatter;
@Override
public void afterPropertiesSet() throws Exception {
System.out.println(context.containsBean("formatter"));
System.out.println(formatter.getClass());
}
}
@Configuration
class TestConfig2 {
@Bean
public final SimpleDateFormat formatter() {
return new SimpleDateFormat();
}
}
- true
class java.text.SimpleDateFormat - true
SimpleDateFormat - a NullPointerException stacktrace
- a BeanDefinitionParsingException stacktrace
Explanation: @Bean
-method in @Configuration
must be overridable. Remove the final
keyword to fix.
- Configures a web application that is able to be deleted and re-created during runtime through hot swap. It adds a recreateContext() method and defines a root WebDaemon that must be bound to in the bootstrap process.
- It configures a Spring application that is able to be modified on the fly during runtime through bytecode re-encoding. Also it adds an updateContext() method and defines a root WebServlet that must be bound to in the bootstrap process.
- It provides configuration for a web application that is read-only while running. Also, it adds a getServletContext() method and defines an attribute name to which the root context must be bound in the bootstrap process.
- It provides configuration for a Spring application that is updatable on the fly during runtime through bytecode weaving. Also it adds an updateServletContext() method and defines a root servlet that must be bound to in the bootstrap process.
- Aspect-Oriented Programming allows you to define different cross-cutting aspects that isolate beans to be available only in certain environments and profiles.
- Aspect-Oriented Programming enables you to perform profiling, which lets you develop different cross-cutting JVM performance-tuning profiles for different aspects of your applications.
- Aspect-Oriented Programming enables the modularization of cross-cutting concerns so that repeated boilerplate logic, such as logging code, does not pollute business logic.
- Aspect-Oriented Programming enables you to persist cross-cutting data across modularized shards of your database.
Q57. Assuming username and password authentication is in place, what method on the Authentication object can be used to obtain the username?
- getPrincipal
- getUsername
- getUser
- getDn
Q58. Assuming no additional configuration is provided, what is the first selection criteria Spring uses to choose a bean when autowiring a property?
- none of these answers
- bean type
- bean size
- bean name
POST localhost:8080/map
{"b" : "b", "d" : "d"}
@RestController
public class SampleController {
@RequestMapping("/map")
public String map(@RequestBody SampleObject sampleObject) {
return sampleObject.getB() + sampleObject.getC();
}
}
public class SampleObject {
String b;
String c;
public String getB() { return b; }
public void setB() { this.b = b; }
public String getC() { return c; }
public void setC() { this.c = c; }
}
- An InvalidRequestBodyException is thrown at runtime.
- A MissingPropertyException is thrown at runtime.
- The text "bnull" is returned in the response body.
- The text "a" is returned in th response body.
@SpringBootApplication
public class Question14 {
@Autowired
private static Service service;
public static void main(String[] args) {
SpringApplication.run(Question14.class, args);
}
}
@Component
class Service {}
- The application will result in a compile error because you can't autowire a private variable.
- The application will compile and run, and service will have its dependency correctly injected by Spring.
- The application will compile and run, but service will not be autowired because you cannot autowire a static class member.
- The application will result in a compile error because you attempted to autowire a static variable.
- The security context includes details of the principal currently using the app, which is stored by default in a
ThreadLocal
in anAuthentication
object. - The security context holds a list of all users and their encrypted passwords in memory and a list of resources that users are able to access.
- The security context includes information about safe network IDs and IP addresses that are able to access the system.
- The security context includes information about permissions on the local file system describing how local file resources can be accessed.
- Annotate a Controller class with
@Controller
. Then, using a specific naming convention for the methods, theRequestMappingHandlerAdapter
will automatically configure your endpoints with the proper HTTP verb and URI. - Register a controller as a bean. Then, using a specific naming convention for the methods, the
RequestMappingHandlerAdapter
will automatically configure your endpoints based on values from the YAML config file. - Annotate a controller method with
@RequestMapping
, or a HTTP verb-specific annotation with a String URI pattern parameter (and other params as needed), which is supported through aRequestMappingHandlerMapping/Adapter
. - Register a controller as a bean. Then, using a specific naming convention for the methods, the RequestMappingHandlerAdapter will automatically configure your endpoints based on values passed into the bean definition.
Reference: Spring RequestMapping. Spring does not use naming conventions for web requests (unlike e.g. for the Data Repositories)
execution(* setter*(..))
- any method with a name that contains the String "setter" with a single parameter
- any method with a name that begins with String "setter" with a single parameter
- any method with a name that begins with String "setter"
- any method with a name that contains the String "setter"
- Front Controller
- Facade
- Reactive Chain
- Observer