cd /news/cybersecurity/spring-boot-interview-questions · home topics cybersecurity article
[ARTICLE · art-9718] src=dev.to ↗ pub= topic=cybersecurity verified=true sentiment=· neutral

Spring boot Interview Questions

This article provides a factual summary of key Spring Boot interview topics, focusing on CORS (Cross-Origin Resource Sharing) and CSRF (Cross-Site Request Forgery). It explains that CORS is a browser security mechanism that controls cross-origin HTTP requests, required when frontend and backend run on different domains or ports, and demonstrates how to configure it in Spring Boot using `@CrossOrigin` annotations or global configuration. The article also defines a CSRF attack as a security exploit where a malicious site tricks an authenticated user into sending unauthorized requests to another application where the user is logged in.

read1 min views22 publishedMay 22, 2026

1. What is CORS and why is it required?

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that allows/restricts APIs from being accessed by another domain.

Example:

Frontend: http://localhost:3000

Backend API: http://localhost:8080

These are different origins because ports are different.

Without CORS configuration, browser blocks the request.

Why required?

To securely allow frontend applications to call backend APIs hosted on different domains/ports.

Interview Answer:

CORS is a browser security feature that controls cross-origin HTTP requests. It is required when frontend and backend run on different domains, ports, or protocols. In Spring Boot, we configure CORS to allow trusted origins to access APIs securely.

2. How do you configure CORS in Spring Boot?

Using @CrossOrigin

Java

@RestController

@CrossOrigin(origins = "http://localhost:3000")

public class UserController {

}

Global Configuration

Java

@Configuration

public class CorsConfig {

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**")
                    .allowedOrigins("http://localhost:3000")           .allowedMethods("GET", "POST", "PUT", "DELETE");
        }
    };
}

}

Real-time usage:

In production, React/Angular frontend calls Spring Boot APIs from another domain.

3. What is CSRF attack?

CSRF = Cross Site Request Forgery

It tricks a logged-in user into performing unwanted actions.

Example:

User logged into banking site

Malicious website sends transfer request automatically

Browser sends session cookie

Server thinks request is genuine

Interview Answer:

CSRF attack occurs when a malicious site tricks an authenticated user into sending unauthorized requests to another application where the user is already logged in.

── more in #cybersecurity 4 stories · sorted by recency
── more on @spring boot 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/spring-boot-intervie…] indexed:0 read:1min 2026-05-22 ·