Java Spring Boot 10+ Yrs Interview Experience [Lead Developer]

[0:00]Hey guys, today we have Sandeep and he is having total 10 plus year of experience in Java Spring Boot and microservices domain and those who want to give same free mock interview, please fill out the form below in the description. So now let's get started.

[0:12]Hey hello Sandeep, how are you? Uh Hi hi good afternoon. I'm good. How are you?

[0:17]Yes, I'm also good. Shall we start? Yes, yes. Okay, okay. So can you please introduce yourself? It seems you are very excited, right?

[0:25]Excited and a bit nervous as well. But yeah. Okay. So can you please introduce yourself and your recent project in brief?

[0:33]Yeah. Uh so basically I have around 10 place of uh working experience uh with mainly into Java and Spring Boot and uh microservices.

[0:45]Uh present my role is principal software engineer in whichever the organization I'm working on. Uh my recent project is one of the project in Texas and East in uh uh US where they are supporting some electricity and gas services uh to the uh uh people who are living in those multiple states based on the zip codes, utilities, uh we are providing some offers, billing, uh everything uh to them.

[1:16]That is the recent project what I've worked done. While coming to the very latest things recently we have started migrating to Spring Boot 3 and Java 21 to some of the uh projects. We are We uh yeah, it's it's in progress we are done.

[1:30]What challenges you are facing in migration? Uh the thing is it it is giving all the dependencies which supports by Spring Boot parent dependency like 3.2 3XX versions and uh we are pointing it to Java 20 and till that is good.

[1:45]But there are lot of things we are experiencing during lot of things are getting failed when we are running the build and when we are running the application and during build we are getting lot of compilation issues mainly with respect to uh what we call Java X and the Jakarta inputs are been changed and uh another thing is JPA repository things are getting failed because of the syntactical errors uh with their respect to the different Hibernate versions.

[2:18]Uh some some of the uh syntax which were not present in the 21, still we are using either it's from 11 or 17 or 8, it's telling that you have to override this and you have to import new inputs and removing the old one.

[2:33]And also have you migrated Java X to Jakarta or it was already migrated? No, we are migrating to Java X to Jakarta. Okay. Got it.

[2:44]Sandeep, let's say you have a monolithic application with no test and poor documentation, right? So how would you plan the migration to microservices?

[2:58]Okay. Uh so basically when as you told when we don't have any proper test and poor this code quality, generally what I will be doing is like first I'll start with starting some critical unit and integration test for most of the important and risky parts of the application, like what are the main APIs we have?

[3:20]Uh to ensure before migrating those are the APIs should be stable and working as expected because because most of the APIs are there, like small small APIs and which has less functionality, less dependency on the production and which will giving the response with less business logic and all. That will be taking care of the next level, mainly focusing on the major APIs.

[3:44]Uh and also gradually we'll refactor the code in small chunks to improve the readability and maintainability without breaking the existing functionality. That is also one of the main thing.

[3:57]Uh and also if there are if we don't have any integrating with SonarQube, we do that as well to prevent lot of the major, minor, critical and all these bugs.

[4:11]Okay. Yes, yes. that's nice. Okay. So can you tell me how would you implement soft delete?

[4:16]Swap delete or soft delete? No soft.

[4:20]Okay. Yep. Uh So basically soft delete it's like removing the record it from the database or storage usually it's setting flag by is deleted is equals to is deleted is equals to true, if I'm not wrong.

[4:36]Uh what happens in that case is that I'll write a Boolean field is deleted is equals to true in the entity and I'll update it while deleting and modify the query to filter out some soft deleted records.

[4:56]What's the difference between soft delete and hard delete? Soft delete and hard delete. Okay.

[5:06]So as I told earlier, this is used to delete and make a copy and it is used for data retrieving.

[5:17]And hard delete, I think it will be difficult for us to retrieve the data in case of copying or something like that.

[5:24]Yeah, yeah, that's correct. Soft delete means we are not deleting it. We are just hiding it, but it is somewhere in the database.

[5:31]Database. Correct correct. And soft delete, that's what yeah. It it is used for data retrieval as well soft delete, what I mean to say.

[5:38]Okay. Hey guys, I want to share something important with you actually Sandeep prepared from our interview preparation kit and cracked multiple interviews.

[5:47]We have also referred him to the multiple companies. So let me tell you this interview preparation kit has four main parts.

[5:51]First is complete interview preparation material. It is a step by step material made by me expert and MNC interviewers. 99% of the questions asked in interviews are covered in it.

[6:00]Second is two real enterprise client projects. Code and video recorded sessions are there and you can add this in your resume.

[6:05]Third is lifetime chat support. Here you can ask your doubts anytime. Fourth is referral support. Here we help you get referred to the top MNCs.

[6:13]So basically the material is organized as per your experience level and covers Java Spring Boot Spring security, Spring data JPA microservices, Kafka, Maven Git coding questions, stream API coding questions and many more.

[6:24]You can buy just the complete interview preparation material or the full kit with project supports and referrals. I have added the links in the description below.

[6:31]So now moving to our interview. And guys, before moving to our interview, since Sandeep is here, so we can ask about uh the review of uh that kit.

[6:39]So Sandeep, uh could you please go ahead? Uh yeah, so uh that kit whatever, whichever the kit I purchased, it's very very helpful.

[6:49]Even I could see very small small things and small small concepts in detail with explanation that how it is helpful in writing or any interviews preparation and while implementing any of the logic with which improves the performance and all.

[7:05]And also it helped me in cracking more number of interviews as well. Most of the questions as you are telling in every video like yeah, most of the questions are being asked.

[7:14]That was yeah, helpful. Very very helpful. Even I was regularly following your uh uh this interview videos as well. So Yeah, I suggest if if anyone wants to crack the interview, it's better to buy a kit and watch your interview videos. That would be very very helpful. Okay, buddy. Yeah. Thank you so much.

[7:35]Now, let's move to our interview. How would you prevent common vulnerabilities in a rest API? Common vulnerabilities means like SQL injection CSRF accesses.

[7:48]Okay. Uh In this case what we can do? Okay. Uh before entering the control to the controller, we can write some filters and some regular expressions in our code.

[8:04]If any of the request is coming to a filter if it matches that regular expression, either as you told SQL injection or XSS uh this one cross ride scripting and all.

[8:17]So we we are matching if the request has that regular expression and we are not sending the control to controller and redirecting to some either login page or something like that. Yeah, yeah.

[8:31]And also instead of some exposing sensitive data through improper error message and unsecure endpoints.

[8:42]Yeah. And we could use prepared statements, input validation, CSRF tokens, right. Headers, right.

[8:48]Yes, yes, yes, yes. Headers as well. Yeah. Okay. So in your current project, how you guys are rotating secrets?

[8:54]Okay. So we have different types of uh secrets. So basically uh different uh projects are using different types of secrets.

[9:05]So in in this case, I'm considering secret it's not about only the secret key, it can be any uh what we call database passwords or third party API passwords. Everything we are considering it as a secrets.

[9:16]Database things we are handling it through the console. Okay. Uh and also if we related to any AWS projects uh sequel sorry uh secrets are automatically rotated on a scheduler configured in AWS.

[9:35]And also other thing we are also having monitoring alerting in places to detect any unauthorized access or failure in secrets retrieval.

[9:47]And in AWS, we will using some secret managers to secure store and some manage secrets like database credentials, API keys, uh tokens.

[9:56]Uh as I told any if you are validating through any third party API for that usernames and passwords or something like that. Correct correct. Okay. So Sandeep, can you please tell me how would you design a system to handle 100X traffic spikes?

[10:09]Okay. So first of all, okay, based on the complete design, I'll decide, okay, by default, I'll make it as a microservice. That's for sure.

[10:22]So, and after that, I'll decide how many number of services it required, instead of dividing into main, let's say if complete application required three, I cannot make it to seven because of some cost cutting issues, maintenance and all.

[10:40]Uh because if everything is dependent on each and everything. So, in order to avoid that problem, I'll make sure that only required number of services it should have.

[10:49]Uh and also I'll make it most of the things I'll make it as stateless components, stateless components. So we can use horizontally by adding more instance during spikes.

[11:00]And we'll use load balancers as well. Okay. And also we'll be using some caching techniques to each and every time to make the call to the backend service which will reduce the traffic.

[11:12]Like we can use Redis cache and store it in our things and we can use wherever we required. That's correct. Okay.

[11:20]So how how would you optimize JVM startup time? JVM will use.

[11:27]Quick start to reduce the time spent on uh with compiler during quick start means I didn't get you.

[11:43]Uh what we call that uh Have you heard about GraalVM?

[11:51]No. Okay. Um No. Uh uh yeah, while even I saw this, uh I'll tell basically so I think in your interviews only I've started how to reduce the time whenever we run any Spring Boot application if I'm not wrong.

[12:10]From that I got to know this while reading I got to know this as well. So only one thing I know is like X quick start while running the uh compiler or something like that.

[12:23]Okay. Yeah that may be the answer. I'm not aware.

[12:27]Another one Maybe another way I guess. We could use yeah, maybe another way. But we could use GraalVM native image for fast startup class data sharing to reuse class metadata, right? AOT compilation. Okay.

[12:44]Do you know about object pooling? Yes. Okay, please go ahead.

[12:48]Uh What we call what basically So, it's a technique where we'll create a pool of uh what we call reusable objects.

[12:56]Uh instead of creating and destroying them repeatedly. What is the main use of this object pulling is like it will improve the performance by creating the overhead object creation and then garbage collection.

[13:14]So basically it's like yeah, we we object pooling is like connection pooling. I think most of the most of them we have heard the call as connection pool while creating the database connections. Similar way we'll creating multiple reusable objects.

[13:32]Yep, yep. That's correct. Um So Sandeep, can you please explain JVM architecture, like the role of class loader, runtime data areas and execution engine.

[13:46]Okay. Uh So basically this JVM architecture is several is made up of several components which is used to which all together which is used to run the Java program. That is the main thing.

[14:06]Uh as you asked for the class loader thing, uh it loads the class files into our JVM memory.

[14:13]Uh we have uh what we call different types of uh hierarchy like bootstrap, extensions uh that loads core Java classes extensions and applications classes respectively.

[14:28]Uh if I'm not wrong, uh I think uh correct me if if I'm not if I'm wrong. I think class loader is responsible for uh what we call assigning default values to all the different types of uh data types.

[14:44]If if I'm not wrong. Uh that is one thing. And also uh as we know different types of objects like Heap, stack, uh string constant pool and all method area where we'll have um object uh space allocated for constants and static variables. Heap for all objects.

[15:03]Uh What's the difference between heap and heap memory? Heap is used to store all the objects basically. Where all the objects is stored.

[15:25]Uh and also uh when any object is created in Heap Heap memory, it is uh managed by garbage collectors and it can be uh shared across all the threads. That is one thing.

[15:39]While coming to stack stack memory, uh mainly it's used to store some local variables and references.

[15:48]Uh in this case, uh each thread will have its own stack or something like that. And also stack memory is uh limited in size.

[15:59]Which heap has some larger memory allocation based on the dynamic memory allocation. Yes, yes. Correct. Correct.

[16:07]Okay. Can you explain the Java's thread life cycle and also the difference between blocked, waiting and time waiting states?

[16:16]Java thread life cycle. Yes, yes. Yeah. So, we'll have new, runnable, running, blocked and dead or terminated.

[16:27]Uh basically uh when a thread enters into that, it will be in new state which that means that thread is not yet started. After calling the start method that thread will be in uh runnable state and I think it will be waiting for the CPU approval to CPU time to run to run the job.

[16:48]Uh and whenever we write any waiting or asynchronous calls, it will be in blocked or waiting state. And terminated when thread finishes its complete task, it is in terminated.

[17:11]Yes, yes, that's correct. Okay. So Sandeep, do you know about lock striping?

[17:19]Lock striping, no. Okay. So concurrent hash map uses it internally, do you know?

[17:28]Yes. Yeah, please go ahead. Yeah. So I think this concurrent hash map will come into the picture when I guess when we are reading and making some changes to the map, concurrent exception will occur.

[17:43]In order to avoid that problem, we will be using this concurrent hash map. Okay. What we'll do is like internal it will divide the data into multiple segment and segments and strikes or stripes if I'm not wrong.

[18:00]Uh and each one will have its own lock to perform some operations without blocking each other. And also this is used to help the uh what we call performance by locking and locking only the specific grain object instead of completely blocking the entire map.

[18:24]What happens in this case is like threads can operate on different parts of the map simultaneously. Redundant bottleneck we can solve that issue. Okay. Yep, yep. That's correct.

[18:37]So Sandeep tell me, let's say if there are some concurrency issues in the hash map, we could use concurrent hash map, right?

[18:44]But if there are some issues in hash set, so what would be used in used? So as we know hash map is not thread safe and multiple threads is modifying it concurrently.

[19:05]So it can throw some what we call concurrent modification exception. Same thing is I mean there in the Hash set, right? Yes.

[19:15]So what's alternative in the hash set then? If we want to use the thread safe hash set. So, uh what would you use?

[19:32]I think concurrent hash maps new hash set or something new key set if I'm not wrong. No, no. Oh, yeah, obviously by using concurrent hash map, we can work with the set as well.

[19:50]We can work with keys or values, right? And sorry, keys and main values. Yeah, yeah, synchronized collections, synchronized. Yeah, yeah, yeah.

[20:00]Actually yeah, there were two ways I guess one is concurrent hash map new case set which provides a concurrent set by a concurrent hash map. Other one is like yeah, collections dot synchronized set.

[20:19]Yep, yep. Okay. But what's the drawback of using collections or synchronized map, synchronized set, synchronized list?

[20:30]What is the drawback of using these collections dot synchronized map, synchronized set, synchronized list?

[20:44]I think maybe it will reduce some performance because of some high occurrences. No, no. Because of any locking system, internally. Yeah, yeah, because of locking system.

[21:00]Locks the entire map or set or this it doesn't work based on the segments, right? Segments or stripes what's happening in the main concurrent hash map. Yep, yep. Yeah, correct. Correct. Complete logging system.

[21:16]Okay. So Sandeep, since you have migrated to Java 21 or migrating to Java 21, do you know the concept of virtual threads in Java 21?

[21:30]Virtual threads. We call it Project Loom also. Yes, I heard this. Yeah. It's like lightweight threads managed by, I guess, Java runtime rather than the OS. The main thing.

[21:54]And also, uh, they are used to write concurrent code much simpler, uh, and also we can use the same thread, uh, per model but, uh, which will which will make the better scalability.

[22:12]Yep, yep. Virtual threads are lightweight threads managed by JVM instead of OS. They allow handling thousands of concurrent tasks efficiently.

[22:20]Yeah, I think basically they they will be calling it as game game changer for concurrency in Java. Yes, yes. In 21. Yes. Java 21.

[22:29]Since uh, since you said you are migrating to Java 21, so questions from Java 21 could be asked to you. Be prepared. Yes. Okay. And how does Spring's async annotation work under the hood or behind the scene?

[22:53]Okay. Uh especially in case of asynchronous calls, whenever we write any method with asynchronous, it's annotated with asynchronous.

[23:03]Uh I think whenever we run the application, that async method will have a separate thread to finish its task.

[23:14]Uh and also whenever it's the thread submits the method to the call, uh what task executor, uh which is managed by the thread pool.

[23:27]And also uh it will enable some non-blocking behavior as well. Simple asynchronous task is due to something like that. It uses Spring proxy.

[23:38]And run methods in a separate thread pool. Right? Correct, correct. Yep, yep, yep. Okay. Have you worked with Spring WebFlux? WebFlux sorry.

[23:51]No. No. Okay. Basically WebFlux supports non-blocking reactive programming. Right? Okay.

[24:00]Okay. Um moving ahead. Uh Do you know about event listener annotation?

[24:14]Yes. Yeah, please go ahead. Yeah. So, uh this is as as discussed with the asynchronous. So, whenever we'll be using the same similar way of annotation like event listener. Uh Spring automatically calls that method when we annotate at theate event listener, uh which matches with that specific event type.

[24:40]And also, uh this removes this removes the need of uh implement application listener explicitly. Uh which is uh which makes the code more readable and easier to maintain.

[24:57]And also it supports features like uh conditional event and asynchronous processing, uh fast driven responses, event driven response, not fast driven, event driven responses.

[25:11]Yep, yep. That's correct. Okay. So Sandeep, uh when would you use retriable annotation versus manual retry logic?

[25:23]Retriable and then manual retry. Retriable uh will be using when any method on failure basis.

[25:39]Like maximum number of times it's it want to reattempt or recall any exceptions. So, you don't want to write your code for yourself.

[25:52]That is I think retriable. Manual retry logic is like write your own loops or recursive calls to retrieve operations.

[26:02]Yep, yep. That's correct. Okay. So, how would you implement distributed locking in Spring Boot?

[26:20]Distributed or basic locking in in Spring Boot? Okay. Uh I think distributed is used when we have multiple instances of our applications like Yeah, microservices because it needs to coordinate access to shared sources across the all the services.

[26:52]And also for distributed locking we'll be using Redis and Zookeeper to create the locks. Kafka Zookeeper. Only one instance can perform some critical operations at a time. Yep, yep.

[27:11]It can also be implemented by using Redis if you have used. Yes, Redis or database. Redis or Zookeeper. Yes. Yep, yep. Okay.

[27:23]So in microservices, have you heard about ACL pattern? Anti-corruption layer pattern?

[27:30]ACL or anti-corruption? Yes. Yeah, ACL Yeah, abbreviation ACL anti-corruption pattern.

[27:38]It's same like I think if I'm not wrong, it's one of the design patterns what we have some architecture, sorry, orchestrator another design patterns during in microservices implementation. Uh what basically this ACL is used to protect our system being from being tightly coupled to external systems or legacy code.

[28:00]Uh and also it acts like a translator between system and the external system. Converting our all the data and calls unaffected by the external changes.

[28:13]What we call it is used to maintain some integrity and uh what we call inconsistency of any poorly designed architectures, any in any of the service. Yeah. Okay. Yep, yep. That's correct.

[28:30]Um What is the sidecar pattern? Have you heard about sidecar pattern?

[28:37]No. No. Okay. No. It runs a helper component alongside the main service in service mesh sidecar handle networking logging security and monitoring without modifying the application code. It's like we do logging in Spring Boot.

[28:58]We use AOP something like that. Yeah, I got it like yeah, any AOP basically you said any logging information, any validations before entering into the controller it it will do some validations if it success then only it will come to the main application. Yeah, same as like AOP Spring AOP. Yep, yep.

[29:20]Okay. Um moving ahead. Uh Do you know about blue green deployment?

[29:28]Yes. Yeah, please go ahead. Yeah. So basically we'll be using this in production deployments mainly because nonprod, okay, somehow it goes down also, we can ask some our testers to wait for some time and we can fix it.

[29:43]But in case of production, it will be a big loss if goes down and it will be hectic until we resolve. So what we'll do is like, uh we'll be using this blue green deployments in production mainly.

[29:58]So we have two different types of environments. Blue is uh which is in live for production and green will be which is about to go to the production. We can consider new version.

[30:09]So this will be calling it as blue green version. What we'll do? Uh we'll deploy this green environment, like which is new environment.

[30:19]While uh old blue is still serving the users. Once the this new version green deployment is completely tested and ready to use, we can switch your traffic from blue to green.

[30:33]And we can decommission the blue and we can make the green instant lively for all the customers in prod. Okay.

[30:44]And also this will help us to roll back to the older one if something goes wrong. Uh anything went wrong during while testing in prod that also helps switching back easily.

[31:00]Yep, yep. That's correct. Okay. So Sandeep, now I will give you a few coding questions, right? You are able, I mean, are you comfortable doing in stream API?

[31:13]Yes. Yes. And normal coding also, right? Yeah, let's see how it goes or not. Okay. So Sandeep, can you please share your screen and open any editor, local editor or online editor? It's up to you.

[31:30]Then I will share a recording question, right? One by one. Okay. All the IDs are my internal projects, all the letters. One second.

[31:40]Can you see this Chrome tab? Yes, yes. I could see. Okay. So the question is um you are given a list of numbers, right? And you have to print the top third number from the list.

[32:04]Okay. So basically it's like highest third number here after. Yes, yes. Highest third number. Okay. Yep. Yeah, please do it.

[32:17]Okay. Or else can I use this notepad? That's okay, fine. Uh list of uh stream filter, okay.

[38:21]And don't use any uh direct methods like there are some inbuilt methods subst or something like that.

[38:31]Okay. Uh something Yeah.