{"slug": "spring-boot-interview-questions", "title": "Spring Boot Interview Questions", "summary": "This article provides a factual summary of key Spring Boot interview topics, focusing on CORS (Cross-Origin Resource Sharing) and CSRF (Cross-Site Request Forgery). It explains that CORS is a browser security mechanism that controls cross-origin HTTP requests, required when frontend and backend run on different domains or ports, and demonstrates how to configure it in Spring Boot using `@CrossOrigin` annotations or global configuration. The article also defines a CSRF attack as a security exploit where a malicious site tricks an authenticated user into sending unauthorized requests to another application where the user is logged in.", "body_md": "**1. What is CORS and why is it required?**\n\nCORS (Cross-Origin Resource Sharing) is a browser security mechanism that allows or restricts access to an API from another origin (domain, protocol, or port).\n\nExample:\n\nFrontend: [http://localhost:3000](http://localhost:3000)\n\nBackend API: [http://localhost:8080](http://localhost:8080)\n\nThese are different origins because the ports are different.\n\nWithout CORS configuration, the browser blocks the request.\n\nWhy is it required?\n\nTo securely allow frontend applications to call backend APIs hosted on different domains/ports.\n\nInterview Answer:\n\nCORS is a browser security feature that controls cross-origin HTTP requests. It is required when frontend and backend run on different domains, ports, or protocols. In Spring Boot, we configure CORS to allow trusted origins to access APIs securely.\n\n**2. 
How do you configure CORS in Spring Boot?**\n\nUsing @CrossOrigin\n\n```java\nimport org.springframework.web.bind.annotation.CrossOrigin;\nimport org.springframework.web.bind.annotation.RestController;\n\n// Allow cross-origin calls to this controller only from the trusted frontend origin\n@RestController\n@CrossOrigin(origins = \"http://localhost:3000\")\npublic class UserController {\n\n}\n```\n\nGlobal Configuration\n\n```java\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.web.servlet.config.annotation.CorsRegistry;\nimport org.springframework.web.servlet.config.annotation.WebMvcConfigurer;\n\n@Configuration\npublic class CorsConfig {\n\n    @Bean\n    public WebMvcConfigurer corsConfigurer() {\n        return new WebMvcConfigurer() {\n            @Override\n            public void addCorsMappings(CorsRegistry registry) {\n                // Apply to every path, but only for the trusted origin and the listed methods\n                registry.addMapping(\"/**\")\n                        .allowedOrigins(\"http://localhost:3000\")\n                        .allowedMethods(\"GET\", \"POST\", \"PUT\", \"DELETE\");\n            }\n        };\n    }\n}\n```\n\nReal-world usage:\n\nIn production, a React/Angular frontend calls Spring Boot APIs from another domain.\n\n**3. What is a CSRF attack?**\n\nCSRF = Cross-Site Request Forgery\n\nIt tricks a logged-in user into performing unwanted actions.\n\nExample:\n\nThe user is logged into a banking site.\n\nA malicious website sends a transfer request automatically.\n\nThe browser sends the session cookie.\n\nThe server thinks the request is genuine.\n\nInterview Answer:\n\nA CSRF attack occurs when a malicious site tricks an authenticated user into sending unauthorized requests to another application where the user is already logged in.", "url": "https://wpnews.pro/news/spring-boot-interview-questions", "canonical_source": "https://dev.to/poojithalakkaraju/spring-boot-interview-questions-1eol", "published_at": "2026-05-22 18:18:21+00:00", "updated_at": "2026-05-22 18:32:41.142045+00:00", "lang": "en", "topics": ["cybersecurity", "developer-tools", "enterprise-software"], "entities": ["Spring Boot", "React", "Angular"], "alternates": {"html": "https://wpnews.pro/news/spring-boot-interview-questions", "markdown": "https://wpnews.pro/news/spring-boot-interview-questions.md", "text": "https://wpnews.pro/news/spring-boot-interview-questions.txt", "jsonld": "https://wpnews.pro/news/spring-boot-interview-questions.jsonld"}}