A development team is building a library of custom Spring Boot auto-configurations. To ensure a custom configuration `MyCustomAutoConfiguration` is only activated when the `ThirdPartyService.class` is present on the classpath, and a bean of type `DataSource` has already been configured by another auto-configuration, which combination of annotations should be used on the configuration class?
A developer is implementing an AOP aspect to log method executions. They notice that when a public method calls another public method within the same service bean, the advice is not triggered for the second, inner method call. What is the fundamental reason for this behavior in Spring's proxy-based AOP?
A financial application needs to perform a complex operation involving two separate database updates. The outer service method, `transferFunds()`, is annotated with `@Transactional(propagation = Propagation.REQUIRED)`. It calls an inner service method, `logAudit()`, which must commit its record regardless of whether the `transferFunds` operation succeeds or fails. Which propagation level should be applied to the `logAudit()` method to achieve this behavior?
A developer needs to configure a Spring Security setup for a REST API. The requirement is to allow unauthenticated access to `/api/public/**` endpoints, while all other endpoints under `/api/**` must be authenticated. Which two of the following `HttpSecurity` configurations correctly implement this requirement? (Select TWO)
When writing a slice test for a Spring Data JPA repository using `@DataJpaTest`, the test transaction will, by default, roll back at the end of each test method.
A Spring Boot application needs to connect to a database whose credentials are provided via environment variables `DB_URL`, `DB_USER`, and `DB_PASS`. The `application.properties` file contains the following entries: `spring.datasource.url=${DB_URL:jdbc:h2:mem:defaultdb}` `spring.datasource.username=${DB_USER:sa}` `spring.datasource.password=${DB_PASS:}` If the `DB_USER` environment variable is NOT set, but `DB_URL` and `DB_PASS` are, what value will be used for the datasource username?
An architect is designing a REST API using Spring MVC. The API needs to return different JSON representations of a `User` object depending on the endpoint. For example, `/api/users/{id}` should return all user fields, but `/api/users/summary` should return only the `id` and `username`. What is the most appropriate Spring feature to implement this requirement without creating separate DTOs (Data Transfer Objects) for each view?
A developer needs to create a Spring bean that calculates a value based on other beans, but this calculation only needs to happen once at startup. The result should then be cached and injected into other components. Which combination of annotations and lifecycle callbacks is most suitable for this scenario?
A Spring Boot application uses a `JdbcTemplate` to perform database queries. During a code review, a senior developer points out a potential SQL injection vulnerability in the following code snippet: `String status = "ACTIVE";` `String sql = "SELECT * FROM users WHERE status = '" + status + "'";` `jdbcTemplate.query(sql, userRowMapper);` What is the best way to refactor this code to prevent the SQL injection vulnerability?
**Company Background** A large e-commerce company, "ShopFast", is modernizing its monolithic backend. They are adopting a microservices architecture and have chosen Spring Boot for new services. One of the first services being built is the `OrderProcessingService`. This service needs to be highly available and observable. **Current Situation** The development team has built the core logic for the `OrderProcessingService`. It exposes several REST endpoints for creating and querying orders. The service interacts with a PostgreSQL database and a RabbitMQ message queue. The company has a centralized Prometheus server for metrics collection and Grafana for dashboarding. The security team mandates that all management endpoints must be secured and only accessible by administrators. **Requirements** 1. The service must expose its operational status, including database connectivity and message queue health. 2. Key business metrics, such as `orders_created` and `order_processing_time`, must be exposed in a format compatible with Prometheus. 3. All management and monitoring endpoints must be exposed on a separate port from the main application port (8080) for security reasons. 4. Access to these management endpoints must be restricted to users with the `ADMIN` role. **Question** Which set of configurations in `application.properties` and dependencies in `pom.xml` will satisfy all the stated requirements?