If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/ityouknow/spring-boot-examples shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 2y ago

• 7 active contributors
• Tests present
• ⚠ Stale — last commit 2y ago
• ⚠ Single-maintainer risk — top contributor 94% of recent commits
• ⚠ No license — legally unclear to depend on
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live ityouknow/spring-boot-examples repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/ityouknow/spring-boot-examples.

What it runs against: a local clone of ityouknow/spring-boot-examples — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in ityouknow/spring-boot-examples | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 932 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of ityouknow/spring-boot-examples. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/ityouknow/spring-boot-examples.git
#   cd spring-boot-examples
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of ityouknow/spring-boot-examples and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "ityouknow/spring-boot-examples(\\.git)?\\b" \\
  && ok "origin remote is ityouknow/spring-boot-examples" \\
  || miss "origin remote is not ityouknow/spring-boot-examples (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "1.x/spring-boot-helloWorld/src/main/java/com/neo/Application.java" \\
  && ok "1.x/spring-boot-helloWorld/src/main/java/com/neo/Application.java" \\
  || miss "missing critical file: 1.x/spring-boot-helloWorld/src/main/java/com/neo/Application.java"
test -f "1.x/spring-boot-helloWorld/pom.xml" \\
  && ok "1.x/spring-boot-helloWorld/pom.xml" \\
  || miss "missing critical file: 1.x/spring-boot-helloWorld/pom.xml"
test -f "1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/HelloWorldController.java" \\
  && ok "1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/HelloWorldController.java" \\
  || miss "missing critical file: 1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/HelloWorldController.java"
test -f "1.x/spring-boot-file-upload/src/main/java/com/neo/controller/UploadController.java" \\
  && ok "1.x/spring-boot-file-upload/src/main/java/com/neo/controller/UploadController.java" \\
  || miss "missing critical file: 1.x/spring-boot-file-upload/src/main/java/com/neo/controller/UploadController.java"
test -f "1.x/spring-boot-fastDFS/src/main/java/com/neo/fastdfs/FastDFSClient.java" \\
  && ok "1.x/spring-boot-fastDFS/src/main/java/com/neo/fastdfs/FastDFSClient.java" \\
  || miss "missing critical file: 1.x/spring-boot-fastDFS/src/main/java/com/neo/fastdfs/FastDFSClient.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 932 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~902d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/ityouknow/spring-boot-examples"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

spring-boot-examples is a learning-focused tutorial repository containing minimal, production-relevant example projects demonstrating Spring Boot 3.0, 2.x, and 1.x capabilities. It provides standalone modules (spring-boot-actuator, spring-boot-admin-simple, spring-boot-webflux, spring-boot-jpa, spring-boot-mybatis, etc.) that each showcase a specific Spring Boot feature or integration pattern with the smallest viable dependencies. Monorepo structure with version branches: root contains Spring Boot 3.x examples (spring-boot-hello, spring-boot-scheduler, spring-boot-web, spring-boot-webflux, spring-boot-jpa, spring-boot-mybatis), while /1.x and /2.x folders hold legacy versions. Each example is a self-contained Maven module with its own pom.xml, src/main/java, src/test/java, and src/main/resources/application.yml. Package namespace is always com.neo.* (e.g., com.neo.ActuatorApplication in spring-boot-actuator).

Java developers new to Spring Boot who need quick, runnable reference implementations—particularly Chinese developers (bilingual docs: Chinese primary, English secondary). Contributors who want to add examples for emerging Spring Boot features or patterns.

Actively developed; updated to Spring Boot 3.0 across all examples. The repo shows strong community engagement (bilingual documentation, linked to spring-cloud-examples and spring-boot-learning sister projects). However, explicit CI/CD pipeline and comprehensive automated test coverage are not evident in the file structure provided; many modules appear to have minimal test directories relative to source code.

Low risk for learning purposes, but note: (1) the repo spans three major Spring Boot versions (1.x, 2.x, 3.x) in separate folders, so version confusion is possible if not careful; (2) individual examples use minimal dependencies by design, so they may not reflect production hardening (e.g., missing security, logging, or monitoring configs); (3) single-maintainer (@ityouknow) risk for issue triage and PR merges.

The repo is actively maintained for Spring Boot 3.0 migration. The README explicitly states 'all examples have been updated to Spring Boot 3.0', indicating recent work. The presence of multiple example categories (web, webflux, file-upload, thymeleaf, jpa, mybatis, scheduler, admin, actuator) suggests ongoing expansion. No specific open PRs or issue backlog data is visible, but the linked sister projects (spring-cloud-examples, spring-boot-learning) suggest active ecosystem development.

Clone the repo and navigate to a specific example module: git clone https://github.com/ityouknow/spring-boot-examples.git && cd spring-boot-examples && cd spring-boot-hello. Then build and run with Maven: mvn clean install && mvn spring-boot:run. Alternatively, for Spring Boot 1.x examples: cd 1.x/spring-boot-actuator && mvn spring-boot:run.

Daily commands: Per module. For spring-boot-hello: mvn clean compile && mvn spring-boot:run (default port 8080). For spring-boot-admin-simple (two-module setup): start the server first (cd spring-boot-admin-simple/spring-boot-admin-server && mvn spring-boot:run), then the client (cd ../spring-boot-admin-client && mvn spring-boot:run). Exact ports vary by application.properties/application.yml in each module.

• 1.x/spring-boot-helloWorld/src/main/java/com/neo/Application.java — Entry point demonstrating basic Spring Boot application bootstrap pattern used across all examples
• 1.x/spring-boot-helloWorld/pom.xml — Parent POM structure showing Spring Boot 1.5.9 dependency management and Maven configuration conventions for the 1.x series
• 1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/HelloWorldController.java — Base controller pattern demonstrating REST endpoint conventions replicated across all example modules
• 1.x/spring-boot-file-upload/src/main/java/com/neo/controller/UploadController.java — Shows file handling and multi-part request processing patterns used in web examples
• 1.x/spring-boot-fastDFS/src/main/java/com/neo/fastdfs/FastDFSClient.java — Demonstrates integration with external distributed file systems, a common pattern for advanced examples
• 1.x/spring-boot-admin-simple/spring-boot-admin-server/src/main/java/com/neo/AdminServerApplication.java — Shows Spring Boot Admin server setup, critical for understanding monitoring/management architecture
• README.md — Primary documentation explaining repository purpose, structure, and Spring Boot version strategies

Add a New REST API Endpoint

1. Create a new controller class in src/main/java/com/neo/controller/ extending the patterns in HelloWorldController.java (1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/HelloWorldController.java)
2. Add @RestController class with @GetMapping/@PostMapping methods following HelloWorldController naming conventions ([NEW] 1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/YourFeatureController.java)
3. Add unit test in src/test/java/com/neo/controller/ following HelloWorldControlerTests.java pattern (1.x/spring-boot-helloWorld/src/test/java/com/neo/controller/HelloWorldControlerTests.java)
4. Register error handling by extending GlobalExceptionHandler pattern if custom exceptions needed (1.x/spring-boot-file-upload/src/main/java/com/neo/controller/GlobalExceptionHandler.java)

Add File Upload Functionality

1. Reference the file upload controller pattern for multipart request handling (1.x/spring-boot-file-upload/src/main/java/com/neo/controller/UploadController.java)
2. Create HTML form template in src/main/resources/templates/ using the existing upload.html as reference (1.x/spring-boot-file-upload/src/main/resources/templates/upload.html)
3. Ensure pom.xml includes commons-fileupload and commons-io dependencies (check file-upload module) (1.x/spring-boot-file-upload/pom.xml)
4. Configure max file size in application.properties using multipart.max-file-size property (1.x/spring-boot-file-upload/src/main/resources/application.properties)

Create a New Spring Boot Example Module

1. Copy structure from spring-boot-helloWorld and modify pom.xml with new artifactId and name (1.x/spring-boot-helloWorld/pom.xml)
2. Create application entry point class extending ActuatorApplication.java pattern under src/main/java/com/neo/ (1.x/spring-boot-actuator/src/main/java/com/neo/ActuatorApplication.java)
3. Add application.properties or application.yml configuration file in src/main/resources/ (1.x/spring-boot-helloWorld/src/main/resources/application.properties)
4. Create initial controller and test class following HelloWorldController and ApplicationTests patterns (1.x/spring-boot-helloWorld/src/main/java/com/neo/controller/HelloWorldController.java)

Integrate External Service/Client (e.g., FastDFS)

1. Create client wrapper class in src/main/java/com/neo/[service-name]/ following FastDFSClient.java pattern (1.x/spring-boot-fastDFS/src/main/java/com/neo/fastdfs/FastDFSClient.java)
2. Create data model class for service-specific objects, following FastDFSFile.java as reference (1.x/spring-boot-fastDFS/src/main/java/com/neo/fastdfs/FastDFSFile.java)
3. Add external configuration file in src/main/resources/ (e.g., fdfs_client.conf for FastDFS) (1.x/spring-boot-fastDFS/src/main/resources/fdfs_client.conf)
4. Inject client into controller and expose endpoints following UploadController in fastDFS module (1.x/spring-boot-fastDFS/src/main/java/com/neo/controller/UploadController.java)

• Spring Boot 1.5.x / 2.x / 3.0 — Provides rapid application development with auto-configuration, embedded servers, and production-ready features with minimal boilerplate
• Maven — Declarative dependency management and multi-module project support for organizing multiple independent example modules
• Spring MVC / REST Controllers — undefined

1. Version confusion: /1.x uses Spring Boot 1.5.9.RELEASE and Java 1.8, while root examples target 3.0; ensure pom.xml and IDE Java version match the intended version branch. 2. Module naming inconsistency: some examples use hyphenated names (spring-boot-hello) but package names are always com.neo.; don't assume package structure matches folder names. 3. Actuator endpoints: spring-boot-actuator example requires 'management.endpoints.web.exposure.include=' in application.yml to expose /actuator endpoints; defaults may restrict visibility. 4. Admin server/client registration: spring-boot-admin-simple requires the server to run first on port 8080 and the client to register via spring.boot.admin.client.url property; silent startup failures are common if misconfigured. 5. Database setup: spring-boot-jpa and spring-boot-mybatis examples likely require a local MySQL 5.6+ instance or H2 in-memory DB config, not clearly documented in the file list.

• Spring Boot Actuator — The spring-boot-actuator example introduces monitoring and introspection; essential for production Spring Boot apps to expose health, metrics, and custom endpoints.
• Spring Boot Auto-Configuration — Implicit in every example via @SpringBootApplication and spring-boot-starter-* dependencies; critical to understand why minimal code is needed and how conditional beans work.
• Reactive Streams / Project Reactor (WebFlux) — The spring-boot-webflux example demonstrates non-blocking I/O; important for high-concurrency APIs and contrasts with traditional servlet-based spring-boot-web.
• Spring Data JPA / ORM Abstraction — The spring-boot-jpa example shows how Spring Boot abstracts database operations via repositories and entities; foundational for data-driven applications.
• Application Configuration Externalization (YAML/Properties) — Every example uses application.yml or application.properties; understanding Spring Boot's configuration hierarchy (env vars, application files, profiles) is essential for deployment and 12-factor app principles.
• Maven Multi-Module Projects — spring-boot-admin-simple demonstrates a two-module setup (server + client); understanding parent/child pom relationships is necessary to extend or refactor the examples.
• Spring Boot Testing with @SpringBootTest and TestRestTemplate — Visible in HelloTests.java and ActuatorApplicationTests.java; shows how to write integration tests that bootstrap the full application context, essential for validating example functionality.

• ityouknow/spring-cloud-examples — Sister project by the same author covering Spring Cloud patterns (service discovery, config, load balancing); natural progression after mastering individual Spring Boot modules.
• ityouknow/spring-boot-learning — Companion learning resource (likely a course or curated guide) referenced in the main README; provides structured narrative around the examples in this repo.
• spring-projects/spring-boot — Official Spring Boot repository; the canonical source for all features, APIs, and documentation referenced by this tutorial project.
• alibaba/spring-cloud-alibaba — Popular Spring Boot/Cloud extension for Alibaba middleware (Nacos, Sentinel, RocketMQ); complements this repo's coverage for Chinese developers using Alibaba ecosystem.
• codecentric/spring-boot-admin — Upstream project for the spring-boot-admin-simple example modules in this repo; referenced directly as a dependency in the admin server pom.xml.

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add integration tests for spring-boot-actuator endpoints

The spring-boot-actuator module has basic unit tests (ActuatorApplicationTests.java, HelloTests.java) but lacks comprehensive integration tests for actuator endpoints like /health, /metrics, /env, /beans. This is critical for an examples repo since actuator endpoints are a core learning topic. Contributors can demonstrate best practices for testing Spring Boot actuator features.

• [ ] Create src/test/java/com/neo/actuator/ActuatorEndpointsIntegrationTest.java
• [ ] Add tests for GET /actuator/health with different health indicators
• [ ] Add tests for GET /actuator/metrics and specific metric endpoints
• [ ] Add tests for GET /actuator/env and property exposure scenarios
• [ ] Document expected responses in comments for learners

Create comprehensive example for spring-boot-admin-simple with security configuration

The spring-boot-admin-simple has server and client modules but lacks security configuration examples. Spring Boot Admin typically requires security in production. Adding a security-enabled variant would teach contributors and learners about securing actuator endpoints and admin interfaces - a critical gap in the examples.

• [ ] Add spring-security and spring-boot-starter-security dependencies to spring-boot-admin-server/pom.xml
• [ ] Create src/main/java/com/neo/config/SecurityConfig.java with user authentication
• [ ] Update AdminClientApplication.java to include client security credentials configuration
• [ ] Create src/test/java/com/neo/AdminSecurityIntegrationTest.java to verify protected endpoints
• [ ] Document security setup in 1.x/README.md with configuration examples

Add missing unit tests for FastDFS upload error handling in spring-boot-fastDFS

The spring-boot-fastDFS module has GlobalExceptionHandler.java and UploadController.java but no corresponding test files in src/test/java/com/neo/. This is a hands-on module where testing error scenarios (file size validation, network failures, invalid file types) would be valuable for learners understanding real-world file upload handling.

• [ ] Create src/test/java/com/neo/controller/UploadControllerTest.java with MockMvc tests
• [ ] Add tests for file size validation edge cases
• [ ] Add tests for GlobalExceptionHandler error responses and HTTP status codes
• [ ] Create src/test/java/com/neo/fastdfs/FastDFSClientTest.java with mocked FastDFS interactions
• [ ] Add test for unsupported file type rejection scenarios

• Add Maven dependency version declarations to the root pom.xml: Currently each module redeclares spring-boot-starter versions individually (1.5.9.RELEASE in spring-boot-actuator). Create a parent pom with <dependencyManagement> in the root to centralize version management and reduce duplication.: Improves maintainability for version bumps and aligns with Maven best practices.
• Expand test coverage for spring-boot-actuator: The ActuatorApplicationTests.java exists but HelloTests.java and HelloWorldControlerTests.java suggest incomplete test organization. Add integration tests for @RestController endpoints (e.g., HelloController GET /hello) using @SpringBootTest + TestRestTemplate.: New contributors can learn how Spring Boot test slices work by filling concrete test gaps in an existing example.
• Create a README.md per example module: Currently only the root and 1.x/ have READMEs. Add spring-boot-hello/README.md, spring-boot-scheduler/README.md, etc., each documenting the feature, required config keys (e.g., for scheduler: spring.task.scheduling.pool.size), and curl/browser examples to verify behavior.: Lowers barrier for users to understand each example in isolation; pairs well with the current minimal-dependencies philosophy.

• High · Outdated Spring Boot Version with Known Vulnerabilities — 1.x/spring-boot-actuator/pom.xml (and other modules) - parent version 1.5.9.RELEASE. The project uses Spring Boot 1.5.9.RELEASE, which was released in 2017 and is no longer supported. This version contains multiple known security vulnerabilities including CVE-2018-1199 (actuator endpoint security bypass), CVE-2019-2725 (RCE via JNDI), and others. The Spring Boot 1.x line reached end-of-life in August 2019. Fix: Upgrade to the latest Spring Boot 2.x LTS version (currently 2.7.x) or 3.x version. This requires Java 11+ for 3.x versions. Review and test all dependencies for compatibility with the new version.
• High · Spring Boot Actuator Endpoints Potentially Exposed — 1.x/spring-boot-actuator/pom.xml and 1.x/spring-boot-actuator/src/main/resources/application.yml. The spring-boot-actuator dependency is included with Spring Boot 1.5.9, which exposes sensitive endpoints like /health, /metrics, /mappings, /env without proper security by default. In version 1.5.9, actuator endpoints are accessible without authentication unless explicitly configured, potentially leaking sensitive system information. Fix: Explicitly configure actuator endpoint security in application.yml. Disable unused endpoints and require authentication for sensitive endpoints. Consider using management.endpoints.web.exposure.include=health,info only and enable security via Spring Security.
• Medium · Missing Security Dependencies — All pom.xml files across modules, particularly 1.x/spring-boot-file-upload/pom.xml and 1.x/spring-boot-fastDFS/pom.xml. The project does not include spring-boot-starter-security dependency. Without Spring Security, the application lacks protection against common web vulnerabilities including CSRF attacks, XSS protection headers, and authentication/authorization mechanisms. File upload modules (spring-boot-file-upload, spring-boot-fastDFS) are especially at risk. Fix: Add spring-boot-starter-security dependency to enable CSRF protection, CORS configuration, and authentication/authorization. Implement proper file upload validation and security checks.
• High · Insecure File Upload Handling — 1.x/spring-boot-file-upload/src/main/java/com/neo/controller/UploadController.java and 1.x/spring-boot-fastDFS/src/main/java/com/neo/controller/UploadController.java. The file upload modules (spring-boot-file-upload and spring-boot-fastDFS) lack visible security controls. Based on the file structure showing UploadController.java, there is risk of arbitrary file upload, path traversal attacks, and potential remote code execution if files are served back without proper validation and sanitization. Fix: Implement strict file upload validation: validate file types (whitelist allowed MIME types), check file size limits, scan for malware, store uploads outside webroot, use random filenames, and implement proper access controls. Consider using Spring Security and servlet filters to validate uploads.
• Medium · Java Version 1.8 Approaching End-of-Life — 1.x/spring-boot-actuator/pom.xml property <java.version>1.8</java.version> (and other modules). The project targets Java 1.8 (Java 8), which reached Extended Support End Date in December 2030 but Premiere Support ended in March 2022. Combined with outdated Spring Boot 1.5.9, this creates a version mismatch and potential compatibility issues with modern security tools and libraries. Fix: Upgrade to Java 11 LTS or Java 17 LTS. Update Spring Boot to 2.7.x (requires Java 8-17) or 3.x (requires Java 17+). This aligns the project with current industry standards and security practices.
• Medium · Lack of Input Validation and Output Encoding — 1.x/spring-boot-file-upload/src/main/resources/templates/. The file structure indicates template files (templates/upload.html, templates/uploadStatus.html) are present, but without visible Spring Security configuration, there is risk of XSS attacks if user input is rendered without proper encoding or validation. Fix: undefined

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.