Java EE & Spring Framework
Java EE & Spring Framework
`web.xml` (Deployment Descriptor) in the 14. Safe HTTP methods (3.5 marks)
WEB-INF directory
Safe methods don't modify resources: GET,
9. Java utility to manage DB connections (2 HEAD, OPTIONS
marks)
15. Idempotent methods (3.5 marks)
Apache Commons DBCP (Database Connection
Pool) or HikariCP Idempotent methods produce same result if
called once or multiple times: GET, PUT,
10. Comparison with JDBC (2 marks) DELETE, HEAD, OPTIONS
12. HTTP methods mapped to CRUD (4 17. How CORS acts as security mechanism
marks) (3 marks)
- GET → Read
- POST → Create CORS protects users by:
- PUT → Update (full resource) - Restricting cross-origin requests by default
- PATCH → Update (partial resource) - Requiring server consent via headers
- DELETE → Delete - Preventing malicious sites from making
unauthorized requests to other domains
13. Simple request vs Preflight request (3
marks) 18. Step-by-step solution for CORS errors (8
marks)
- Simple request: Direct request using GET,
POST or HEAD with allowed headers 1. Configure server to include CORS headers
- Preflight request: OPTIONS request sent (`Access-Control-Allow-Origin`)
before actual request for CORS, checks if 2. For Spring, use `@CrossOrigin` annotation
server allows the actual requestA real-world on controllers
3. Or create a global CORS configuration with
`WebMvcConfigurer`
4. For complex requests, ensure proper 23. Define Dependency Injection (2 marks)
handling of OPTIONS (preflight)
5. Set allowed methods, headers, and DI is a design pattern where objects receive
credentials if needed their dependencies from an external source
6. Test with different browsers rather than creating them directly, promoting
7. Consider security implications of permissive loose coupling.
CORS settings
8. For production, specify exact origins rather 24. Methods for DI in Spring (3 marks)
than "*"
1. Constructor injection (recommended)
Phase 6: Spring Core Concepts 2. Setter injection
3. Field injection (using `@Autowired`)
19. Why choose Spring Framework? (2
marks) 25. Explain Inversion of Control (2 marks)
- `/api/v1/customer` (exact):
Bean ambiguity occurs when multiple beans of
Matches only the exact path
the same type exist. Solutions:
`/api/v1/customer`.
1. `@Primary` to mark preferred bean
2. `@Qualifier` to specify bean name
Example:
3. Use specific bean names in injection points
@GetMapping("/api/v1/customer")
Example:
public interface CustomerRepository extends
JpaRepository<Customer, Long>
Term Definition
Term Definition
- Purpose: Used for integration testing in Defines the lifecycle and visibility of a bean.
Spring Boot. Loads the full application context. Scopes:
- Example: - `singleton` (default: one instance per
@SpringBootTest container)
class CustomerControllerTest { - `prototype` (new instance each time)
@Autowired
- `request` (per HTTP request)
private MockMvc mockMvc;
- `session` (per user session)
@Test
void testGetCustomer() throws Exception { 7. How would you handle exceptions
mockMvc.perform(get("/api/customer/1")) globally in Spring Boot? (3 marks)
.andExpect(status().isOk());
}
} Use `@ControllerAdvice`+`@ExceptionHandler`:
@ControllerAdvice
3. How does Spring Security handle
public class GlobalExceptionHandler {
authentication? (3 marks)
@ExceptionHandler(ResourceNotFoundException.class)
1. User submits credentials (e.g., login public ResponseEntity<String>
form/JWT). handleNotFound(ResourceNotFoundException ex) {
return
2. `AuthenticationManager` validates
ResponseEntity.status(404).body(ex.getMessage());
credentials using `UserDetailsService`. }
3. On success, a `SecurityContext` is created }
with the user’s `Authentication` object.
# Database config
13. Explain the purpose of the
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.username=sa @Transactional annotation in Spring (3
marks)
# Server port
server.port=8081
@Transactional:
●Declares that a method or class should be
10. What is the difference between
executed within a database transaction
`@Mock` and `@MockBean`? (2 marks)
●Provides ACID properties (Atomicity,
Consistency, Isolation, Durability)
- `@Mock`: Creates a mock using Mockito
●Can be configured with:
(plain unit tests).
Propagation behavior (e.g., REQUIRED,
- `@MockBean`: Adds/replaces a Spring
REQUIRES_NEW)
context bean with a mock (used in
Isolation level
`@SpringBootTest`).
Timeout
Read-only mode
Rollback rules
14. What is the purpose of the
DispatcherServlet in Spring MVC? (3 marks)
@GetMapping("/users/{id}")
public User getUser(@PathVariable Long id,
@RequestParam(required = false) String details) {
// ...
}
@Repository
public interface StudentRepository extends
JpaRepository<Student, Long> {
List<Student> findByName(String name);
}