If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/JeffLi1993/springboot-learning-example shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 2y ago

• 6 active contributors
• Apache-2.0 licensed
• Tests present
• ⚠ Stale — last commit 2y ago
• ⚠ Concentrated ownership — top contributor handles 61% of recent commits
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live JeffLi1993/springboot-learning-example repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/JeffLi1993/springboot-learning-example.

What it runs against: a local clone of JeffLi1993/springboot-learning-example — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in JeffLi1993/springboot-learning-example | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 917 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of JeffLi1993/springboot-learning-example. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/JeffLi1993/springboot-learning-example.git
#   cd springboot-learning-example
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of JeffLi1993/springboot-learning-example and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "JeffLi1993/springboot-learning-example(\\.git)?\\b" \\
  && ok "origin remote is JeffLi1993/springboot-learning-example" \\
  || miss "origin remote is not JeffLi1993/springboot-learning-example (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "chapter-1-spring-boot-quickstart/src/main/java/demo/springboot/QuickStartApplication.java" \\
  && ok "chapter-1-spring-boot-quickstart/src/main/java/demo/springboot/QuickStartApplication.java" \\
  || miss "missing critical file: chapter-1-spring-boot-quickstart/src/main/java/demo/springboot/QuickStartApplication.java"
test -f "chapter-2-spring-boot-config/src/main/java/demo/springboot/config/BookProperties.java" \\
  && ok "chapter-2-spring-boot-config/src/main/java/demo/springboot/config/BookProperties.java" \\
  || miss "missing critical file: chapter-2-spring-boot-config/src/main/java/demo/springboot/config/BookProperties.java"
test -f "chapter-3-spring-boot-web/src/main/java/demo/springboot/web/BookController.java" \\
  && ok "chapter-3-spring-boot-web/src/main/java/demo/springboot/web/BookController.java" \\
  || miss "missing critical file: chapter-3-spring-boot-web/src/main/java/demo/springboot/web/BookController.java"
test -f "2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalErrorWebExceptionHandler.java" \\
  && ok "2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalErrorWebExceptionHandler.java" \\
  || miss "missing critical file: 2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalErrorWebExceptionHandler.java"
test -f "chapter-3-spring-boot-web/src/main/java/demo/springboot/service/impl/BookServiceImpl.java" \\
  && ok "chapter-3-spring-boot-web/src/main/java/demo/springboot/service/impl/BookServiceImpl.java" \\
  || miss "missing critical file: chapter-3-spring-boot-web/src/main/java/demo/springboot/service/impl/BookServiceImpl.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 917 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~887d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/JeffLi1993/springboot-learning-example"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

A comprehensive Spring Boot 2.x learning repository with 20+ standalone example modules covering WebFlux, configuration, data access (MyBatis, JPA), caching (Redis, MongoDB, EhCache), and reactive programming patterns. It serves as a hands-on tutorial suite with runnable code examples demonstrating Spring Boot best practices and integration patterns for both synchronous and asynchronous web applications. Multi-module Maven monorepo: top-level chapters (chapter-1-spring-boot-quickstart, chapter-2-spring-boot-config) and advanced modules (2-x-spring-boot-groovy, 2-x-spring-boot-webflux-handling-errors) each contain isolated pom.xml, application.properties, and src/main/java examples. No shared libraries between modules; each is a standalone runnable Spring Boot application intended for copy-paste learning.

Spring Boot beginners and intermediate developers learning core Spring Boot concepts, Chinese-language learners (blog posts at bysocket.com), and teams needing reference implementations for MyBatis multi-datasource setup, WebFlux error handling, or Redis integration.

Actively maintained learning resource with clear module organization and documented tutorials linked in README. Spring Boot 2.1.6.RELEASE as baseline shows stability focus. No visible CI/CD badges or test coverage metadata, and commit recency is not directly visible, but the structured progression from 'chapter-1-quickstart' through advanced WebFlux modules suggests active development for educational purposes rather than a production library.

Low risk for a learning repository; minimal external dependencies beyond Spring Boot starters. Single maintainer (JeffLi1993) creates knowledge-transfer risk if the author steps back. No explicit test suites visible in file listing—example modules appear to be demonstration-focused rather than tested components. The 2.1.6.RELEASE baseline is now outdated (Spring Boot 3.x exists), which could make newer learners' production migrations harder.

No recent commit data visible in provided metadata. Based on structure, the repository is in maintenance mode—all major topic areas (WebFlux, Groovy, config, caching, data access) are covered. No active development branches or PRs mentioned, but the organized tutorial structure suggests periodic updates to match Spring Boot LTS releases.

git clone https://github.com/JeffLi1993/springboot-learning-example.git
cd springboot-learning-example
cd chapter-1-spring-boot-quickstart
mvn clean install
mvn spring-boot:run

Server will start on http://localhost:8080 (verify with HelloController endpoints).

Daily commands: Each module is independent:

cd 2-x-spring-boot-webflux-handling-errors
mvn clean install
mvn spring-boot:run

Or import entire monorepo into IDE (IntelliJ/Eclipse), right-click any module's pom.xml → Run as Maven install, then Run as Spring Boot App.

• chapter-1-spring-boot-quickstart/src/main/java/demo/springboot/QuickStartApplication.java — Entry point demonstrating Spring Boot application bootstrap and fundamental startup patterns used across all modules.
• chapter-2-spring-boot-config/src/main/java/demo/springboot/config/BookProperties.java — Core configuration binding pattern showing how properties are injected into Spring beans via @ConfigurationProperties—essential for understanding config management across the codebase.
• chapter-3-spring-boot-web/src/main/java/demo/springboot/web/BookController.java — RESTful controller exemplar defining request routing, response handling, and dependency injection patterns used throughout web modules.
• 2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalErrorWebExceptionHandler.java — Global exception handling pattern for WebFlux-based applications showing reactive error handling critical for modern Spring Boot 2.x applications.
• chapter-3-spring-boot-web/src/main/java/demo/springboot/service/impl/BookServiceImpl.java — Service layer implementation demonstrating business logic encapsulation and dependency injection patterns referenced by controllers.
• 2-x-spring-boot-groovy/src/main/java/org/spring/springboot/Application.java — Advanced application setup showing script engine integration and dynamic routing filters beyond basic Spring Boot conventions.

Add a New REST API Endpoint

1. Create a domain entity in chapter-3-spring-boot-web/src/main/java/demo/springboot/domain/ following Book.java pattern with field declarations (chapter-3-spring-boot-web/src/main/java/demo/springboot/domain/Book.java)
2. Define a service interface in chapter-3-spring-boot-web/src/main/java/demo/springboot/service/ extending operations pattern from BookService.java (chapter-3-spring-boot-web/src/main/java/demo/springboot/service/BookService.java)
3. Implement the service interface in chapter-3-spring-boot-web/src/main/java/demo/springboot/service/impl/ following BookServiceImpl.java business logic pattern (chapter-3-spring-boot-web/src/main/java/demo/springboot/service/impl/BookServiceImpl.java)
4. Create a REST controller in chapter-3-spring-boot-web/src/main/java/demo/springboot/web/ annotating with @RestController and injecting service via @Autowired following BookController.java (chapter-3-spring-boot-web/src/main/java/demo/springboot/web/BookController.java)

Add Configuration Properties Binding

1. Create properties file in chapter-2-spring-boot-config/src/main/resources/ (e.g., application-custom.properties) with your prefix.property=value entries (chapter-2-spring-boot-config/src/main/resources/application-dev.properties)
2. Create a properties class in chapter-2-spring-boot-config/src/main/java/demo/springboot/config/ with @ConfigurationProperties(prefix="your.prefix") matching BookProperties.java pattern (chapter-2-spring-boot-config/src/main/java/demo/springboot/config/BookProperties.java)
3. Inject the properties class via @Autowired into any Spring component where needed (chapter-2-spring-boot-config/src/main/java/demo/springboot/web/HelloBookController.java)

Add WebFlux Error Handling

1. Create a custom exception class in 2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/ extending RuntimeException or GlobalException.java pattern (2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalException.java)
2. Extend GlobalErrorWebExceptionHandler.java in the same error package, overriding handle() method to process your custom exception and return ServerResponse (2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalErrorWebExceptionHandler.java)
3. Optionally customize error response attributes in GlobalErrorAttributes.java to add custom fields to error responses (2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/error/GlobalErrorAttributes.java)

Add a WebFlux Functional Router

1. Create a handler class in 2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/handler/ following CityHandler.java pattern with methods returning Mono<ServerResponse> (2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/handler/CityHandler.java)
2. Create a router configuration in 2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/router/ using RouterFunction with @Bean and route() DSL following CityRouter.java (2-x-spring-boot-webflux-handling-errors/src/main/java/org/spring/springboot/router/CityRouter.java)

• Spring Boot 2.x — Industry-standard framework providing convention-over-configuration, embedded servlet containers, and production-ready features for rapid application development
• Spring WebFlux — Enables reactive, non-blocking request handling for high-concurrency scenarios with functional routing and composable handlers
• Maven — Build automation and dependency management enabling consistent multi-module project structure across

No significant traps documented. Each module is self-contained with its own application.properties, so no shared configuration conflicts. Spring Boot 2.1.6 parent POM handles transitive dependency resolution cleanly. The only gotcha: switching between modules requires careful IDE refresh (Maven > Reload Projects in IntelliJ) since there is no shared parent properties file—version mismatches are unlikely but possible if manually editing module pom.xml files.

• Reactive Programming with Project Reactor — Spring WebFlux modules in this repo (2-x-spring-boot-webflux-handling-errors) use Mono/Flux—essential for non-blocking, back-pressure-aware I/O in modern Spring applications
• Functional Routing (HandlerFunction & RouterFunction) — CityRouter.java demonstrates Spring WebFlux's functional endpoint DSL as an alternative to @RestController—lighter and more composable for route definitions
• Global Exception Handling (ErrorAttributes & ErrorWebExceptionHandler) — GlobalErrorWebExceptionHandler.java and GlobalErrorAttributes.java show how to centralize REST error responses across all endpoints—critical for API consistency
• Multi-Datasource Configuration — Several modules hint at Druid multi-datasource setup (mentioned in README)—necessary pattern for sharding or reading from multiple databases in production systems
• Template Engine Integration (FreeMarker & Thymeleaf) — This repo demonstrates both FreeMarker and Thymeleaf integration—learners need to know templating options and Spring Boot's auto-configuration for view resolution
• Property Configuration & Profiles — chapter-2-spring-boot-config covers externalized configuration and environment-specific property loading—foundational for deployments across dev/staging/prod
• Groovy Dynamic Scripting in Java — GroovyScriptController.java shows how to evaluate Groovy scripts at runtime within a Spring application—enables dynamic business rule changes without redeployment (risky but powerful)

• spring-projects/spring-boot — Official Spring Boot source—definitive reference for framework behavior, patterns, and latest API changes
• spring-projects/spring-petclinic — Official reference Spring Boot web application with MVC, JPA, data access layers—more production-oriented than this learning repo
• eugenp/tutorials — Comprehensive Java/Spring tutorial monorepo with similar module-per-topic structure; covers overlapping areas (MyBatis, WebFlux, caching)
• alibaba/spring-cloud-alibaba — Practical Spring Boot microservices examples with cloud-native patterns—next step for learners moving beyond single-module applications
• spring-projects/spring-data-examples — Official examples for Spring Data JPA, Redis, MongoDB integration—complements this repo's data access layers

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive integration tests for 2-x-spring-boot-webflux-handling-errors module

The webflux error handling module has GlobalErrorAttributes, GlobalErrorWebExceptionHandler, and GlobalException classes but lacks corresponding test coverage. This is critical for a learning repository as it demonstrates best practices for error handling in reactive applications. Adding tests would help beginners understand how global exception handling works in WebFlux.

• [ ] Create src/test/java/org/spring/springboot/error/ directory structure
• [ ] Add GlobalErrorWebExceptionHandlerTest.java to test exception mapping and error response formatting
• [ ] Add GlobalExceptionTest.java to test custom exception behavior
• [ ] Add integration test (e.g., WebFluxErrorHandlingIntegrationTest.java) that tests CityHandler routes with intentional errors to verify end-to-end error handling
• [ ] Ensure tests verify HTTP status codes, error message formats, and reactive stream behavior

Add missing unit tests for chapter-2-spring-boot-config module configuration classes

The config module has BookProperties.java and BookComponent.java but the ConfigApplicationTests.java likely only has basic placeholder tests. Configuration binding and property injection are core Spring Boot concepts that need comprehensive examples for learners. This will demonstrate @ConfigurationProperties, @Component, and property file binding patterns.

• [ ] Enhance ConfigApplicationTests.java with tests for BookProperties property binding from application.properties and application.yml
• [ ] Create BookComponentTest.java to test the BookComponent bean initialization and dependency injection
• [ ] Add test for profile-specific configurations using application-dev.properties and application-prod.properties
• [ ] Verify property value resolution from both .properties and .yml file formats
• [ ] Include tests demonstrating @EnableConfigurationProperties annotation usage

Create comprehensive README.md documentation for 2-x-spring-boot-groovy module with usage examples

The groovy module exists with GroovyScriptController and RouteRuleFilter but has no module-specific documentation. Since Groovy integration is less common in Spring Boot tutorials, this learning repository should provide clear examples of why and how to use Groovy in Spring Boot applications. This helps learners understand dynamic script execution patterns.

• [ ] Create 2-x-spring-boot-groovy/README.md explaining the use case for Groovy in Spring Boot
• [ ] Document RouteRuleFilter.java functionality and how it intercepts requests
• [ ] Add code examples showing GroovyScriptController endpoints and expected Groovy script execution behavior
• [ ] Include curl/postman examples for testing dynamic Groovy script evaluation
• [ ] Explain how groovy dependency enables dynamic script compilation and execution
• [ ] Add section on when to use Groovy vs pure Java for Spring Boot applications

• Add integration tests (src/test/java) for chapter-2-spring-boot-config to verify @ConfigurationProperties binding and profile-specific property loading—currently no test sources visible
• Document the HandlerFunction<ServerRequest, ServerResponse> pattern in 2-x-spring-boot-webflux-handling-errors/CityHandler.java with inline JavaDoc and example cURL commands in README
• Create a new module 'chapter-x-spring-boot-actuator' demonstrating Spring Boot Actuator metrics, health checks, and custom endpoints—listed in README but not in file structure

• High · Outdated Spring Boot Version — pom.xml (spring-boot-starter-parent version 2.1.6.RELEASE). The project uses Spring Boot 2.1.6.RELEASE (released June 2019), which is significantly outdated and contains multiple known security vulnerabilities. This version is no longer receiving security updates and has been superseded by Spring Boot 2.7.x and 3.x series. Fix: Upgrade to the latest stable Spring Boot 2.7.x or 3.x version. At minimum, upgrade to Spring Boot 2.7.14+ or 3.1.x+ to receive current security patches.
• High · Outdated Groovy Dependency — pom.xml (groovy dependency without version specification). The project includes Groovy dependency without specifying a version, relying on parent POM's version resolution. Groovy versions bundled with Spring Boot 2.1.6 are outdated and may contain security vulnerabilities. Fix: Explicitly specify and upgrade to Groovy 3.0.x or higher. Ensure compatibility with your Spring Boot version.
• High · Dynamic Code Execution via Groovy Script Controller — 2-x-spring-boot-groovy/src/main/java/org/spring/springboot/web/GroovyScriptController.java. The GroovyScriptController appears to accept and execute Groovy scripts dynamically. This is a critical security risk if user input is directly evaluated as Groovy code, leading to Remote Code Execution (RCE). No evidence of input validation or sanitization is visible in the file structure. Fix: Implement strict input validation and avoid direct code execution of user-supplied input. Use sandboxed execution environments if dynamic scripting is necessary. Consider alternative approaches that don't involve runtime code evaluation.
• Medium · Missing Security Headers Configuration — Application-wide (no security configuration visible). The project does not appear to have Spring Security or security header configuration visible. Standard security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, etc.) are likely missing. Fix: Add Spring Security dependency and configure security headers. At minimum, enable: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-XSS-Protection: 1; mode=block.
• Medium · No Visible Input Validation in Controllers — chapter-3-spring-boot-web/src/main/java/demo/springboot/web/BookController.java and similar controller files. The repository structure shows multiple controllers (HelloBookController, BookController, GroovyScriptController, CityHandler) without visible input validation or sanitization mechanisms, increasing risk of injection attacks. Fix: Implement comprehensive input validation using Spring's @Valid annotation with JSR-303/JSR-380 (Hibernate Validator). Sanitize all user inputs before processing.
• Medium · Potential SQL Injection Risk — chapter-3-spring-boot-web/src/main/java/demo/springboot/service/ directory. The project includes service and repository layers (BookService, BookServiceImpl) but the actual implementation is not visible. If raw SQL queries are used instead of parameterized queries or ORM frameworks, SQL injection vulnerabilities are possible. Fix: Use Spring Data JPA, Mybatis with parameterized queries, or other ORM frameworks. Never concatenate user input into SQL queries. Use prepared statements.
• Medium · No Spring Security Configuration — pom.xml (missing spring-boot-starter-security dependency). Spring Security is not included as a dependency, leaving the application without authentication and authorization mechanisms. All endpoints are publicly accessible. Fix: Add spring-boot-starter-security dependency and configure authentication/authorization based on application requirements. Implement role-based access control (RBAC).
• Low · Missing Java Version Enforcement — pom.xml (java.version property set to 1.8). The project targets Java 1.8 (released March 2014), which is outdated. While not directly a vulnerability, it means security patches in newer Java versions are not utilized. Fix: Upgrade to Java 11 LTS or Java 17 LTS minimum. Align

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.