
ZHENFENG13/spring-boot-projects

:fire: This repository mainly contains beginner tutorials for Spring Boot plus several commonly used hands-on Spring Boot project tutorials, with sample code for the many ways Spring Boot is used as well as the source code and demos of the hands-on projects. Those projects range from basic web development to the kinds of systems people commonly build today, such as an online blog, a large enterprise mall system and front-end/back-end separation projects, so that you can move beyond the usual hello-world starter cases and truly master Spring Boot development.

Concerns

Looks unmaintained — solo project with stale commits

Use as dependency: Mixed (weakest axis)

last commit was 3y ago; single-maintainer (no co-maintainers visible)…

Fork & modify: Healthy

Has a license, tests, and CI — clean foundation to fork and modify.

Learn from: Healthy

Documented and popular — useful reference codebase to read through.

Deploy as-is: Mixed

last commit was 3y ago; no CI workflows detected

  • Apache-2.0 licensed
  • Tests present
  • Stale — last commit 3y ago
  • Solo or near-solo (1 contributor active in recent commits)
  • No CI workflows detected
What would change the summary?
  • Use as dependency: Mixed → Healthy if: 1 commit in the last 365 days; onboard a second core maintainer
  • Deploy as-is: Mixed → Healthy if: 1 commit in the last 180 days

Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests

Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.

Embed the "Forkable" badge

Paste into your README — live-updates from the latest cached analysis.

[![RepoPilot: Forkable](https://repopilot.app/api/badge/zhenfeng13/spring-boot-projects?axis=fork)](https://repopilot.app/r/zhenfeng13/spring-boot-projects)

Paste at the top of your README.md — renders inline like a shields.io badge.

Preview social card (1200×630)

This card auto-renders when someone shares https://repopilot.app/r/zhenfeng13/spring-boot-projects on X, Slack, or LinkedIn.

Onboarding doc

Onboarding: ZHENFENG13/spring-boot-projects

Generated by RepoPilot · 2026-05-09 · Source

🤖Agent protocol

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

  1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
  2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
  3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/ZHENFENG13/spring-boot-projects shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

🎯Verdict

AVOID — Looks unmaintained — solo project with stale commits

  • Apache-2.0 licensed
  • Tests present
  • ⚠ Stale — last commit 3y ago
  • ⚠ Solo or near-solo (1 contributor active in recent commits)
  • ⚠ No CI workflows detected

<sub>Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests</sub>

Verify before trusting

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live ZHENFENG13/spring-boot-projects repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/ZHENFENG13/spring-boot-projects.

What it runs against: a local clone of ZHENFENG13/spring-boot-projects — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in ZHENFENG13/spring-boot-projects | Confirms the artifact applies here, not a fork |
| 2 | License is still Apache-2.0 | Catches relicense before you depend on it |
| 3 | Default branch main exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 1196 days ago | Catches sudden abandonment since generation |

<details> <summary><b>Run all checks</b> — paste this script from inside your clone of <code>ZHENFENG13/spring-boot-projects</code></summary>

```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of ZHENFENG13/spring-boot-projects. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/ZHENFENG13/spring-boot-projects.git
#   cd spring-boot-projects
#
# Then paste this script. Every check is read-only — no mutations.

set +e   # keep going after a failed check so every result is reported
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of ZHENFENG13/spring-boot-projects and re-run."
  exit 2
fi

# 1. Repo identity. GitHub owner/repo names are case-insensitive, so match case-insensitively,
#    and anchor at the end so "spring-boot-projects-fork" does not pass.
git remote get-url origin 2>/dev/null | grep -qiE "ZHENFENG13/spring-boot-projects(\.git)?/?$" \
  && ok "origin remote is ZHENFENG13/spring-boot-projects" \
  || miss "origin remote is not ZHENFENG13/spring-boot-projects (artifact may be from a fork)"

# 2. License matches what RepoPilot saw. A full LICENSE text opens with "Apache License"
#    rather than the SPDX id, so accept either spelling.
(grep -qiE "Apache-2\.0|Apache License" LICENSE 2>/dev/null \
   || grep -qiE "\"license\"\s*:\s*\"Apache-2\.0\"" package.json 2>/dev/null) \
  && ok "license is Apache-2.0" \
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \
  && ok "default branch main exists" \
  || miss "default branch main no longer exists"

# 4. Critical files exist
critical_files=(
  "SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/Application.java"
  "SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/controller/ApiController.java"
  "SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/dao/UserDao.java"
  "SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/entity/User.java"
  "SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/application.properties"
)
for f in "${critical_files[@]}"; do
  test -f "$f" && ok "$f" || miss "missing critical file: $f"
done

# 5. Repo recency (seconds since the last commit, converted to whole days)
last_commit=$(git log -1 --format=%at 2>/dev/null || echo 0)
days_since_last=$(( ( $(date +%s) - last_commit ) / 86400 ))
if [ "$days_since_last" -le 1196 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1166d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/ZHENFENG13/spring-boot-projects"
  exit 1
fi
```

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

</details>

TL;DR

A comprehensive Spring Boot 3.x learning and project showcase repository containing 50+ beginner tutorials, real-world project implementations (blogs, forums, e-commerce), and production-ready enterprise applications like a Spring Boot + Vue3 + Element Plus admin system and multi-vendor mall platform. It bridges the gap between 'Hello World' examples and actual deployable systems by providing source code, schema files, and integration patterns for REST APIs, MyBatis, Thymeleaf templating, and frontend frameworks.

Multi-project monorepo with three top-level folders: SpringBoot入门案例源码 (beginner tutorials: RESTful API, AJAX, static resources), 玩转SpringBoot系列案例源码 (logging, testing integration cases), and SpringBoot前后端分离实战项目源码 (production patterns). Each project is a standalone Maven module with its own pom.xml, application.properties, src/main/java, src/main/resources (including mapper XMLs for MyBatis and static HTML), and test suites. Database schemas are versioned alongside controllers and entity classes (e.g., User entity + UserDao.xml in spring-boot-RESTful-api).

👥Who it's for

Java developers transitioning from Spring Boot 2.x to 3.x (Java 17+), students building portfolio projects, and teams evaluating Spring Boot architecture patterns for medium-to-large applications. Specifically: junior developers learning RESTful API design, full-stack engineers adopting Vue3/Element Plus alongside Spring Boot backends, and architects studying monolithic vs. front-end separation patterns in Chinese development contexts.

🌱Maturity & risk

Actively maintained but didactic in nature. The repo has migrated all examples to Spring Boot 3.0.0+ (Java 17 minimum), includes runnable sample projects with database schemas (e.g., springboot-tb-user-schema.sql), and pairs tutorials with executable code. However, there's no evidence of CI/CD pipeline, automated test suites, or version badges—it's designed as a teaching tool rather than a library, so 'production-ready' applies to the individual project examples, not the repo as a framework.

Low technical risk for learning; higher risk if treating sub-projects as copy-paste templates without modification. Dependencies are minimal and stable (Spring Boot 3.0.0 parent, MyBatis 3.0.0, MySQL connector)—no bleeding-edge versions. The main risk is maintainer bandwidth: single author (ZHENFENG13) across 50+ examples and 3+ external repo links, and the last visible activity suggests maintenance is episodic rather than continuous. No issue tracking visible in file list, so bug response times are unknown.

Active areas of work

Repo is in long-term maintenance mode. Recent focus appears to be Spring Boot 3.x migration (evidenced by Java 17 requirement and 3.0.0 dependency versions in pom.xml snippet). External related projects (My-Blog, My-BBS, My-Column, newbee-mall) are referenced for larger examples, suggesting the core repo acts as a tutorial hub linking to more specialized repos. No evidence of active feature development—updates are likely when Spring Boot releases majors or community contributions arrive.

🚀Get running

```bash
git clone https://github.com/ZHENFENG13/spring-boot-projects.git
cd spring-boot-projects
cd 'SpringBoot入门案例源码/spring-boot-RESTful-api'
mvn clean install
mvn spring-boot:run
```

Then visit http://localhost:8080 (or port specified in application.properties). Database: create MySQL schema using springboot-tb-user-schema.sql and configure connection in src/main/resources/application.properties (likely spring.datasource.url, spring.datasource.username, spring.datasource.password).

Daily commands: Each module runs independently: mvn spring-boot:run from the project root, or mvn clean install && java -jar target/[artifact-id]-0.0.1-SNAPSHOT.jar. No Docker setup visible. Default embedded Tomcat on 8080; override via --server.port=XXXX or application.properties. Requires MySQL server running locally (connection pool via JDBC starter auto-config).

🗺️Map of the codebase

  • SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/Application.java — Entry point for the RESTful API demo—all Spring Boot applications start here.
  • SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/controller/ApiController.java — Primary REST endpoint handler demonstrating the API pattern used across beginner examples.
  • SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/dao/UserDao.java — Data access layer interface showing MyBatis integration pattern repeated in multiple projects.
  • SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/entity/User.java — Core domain entity demonstrating model structure conventions used throughout all examples.
  • SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/application.properties — Configuration template for database, server, and MyBatis settings—essential reference for all beginner projects.
  • SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/mapper/UserDao.xml — MyBatis XML mapper demonstrating persistence layer pattern used across data-driven examples.
  • SpringBoot入门案例源码/spring-boot-RESTful-api/pom.xml — Maven POM template showing Spring Boot 3.x parent, core starters, and MyBatis/database dependencies.

🛠️How to make changes

Add a new RESTful API endpoint

  1. Create a new method in the controller with @GetMapping/@PostMapping/@PutMapping/@DeleteMapping annotation (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/controller/ApiController.java)
  2. Define the corresponding mapper method signature in the DAO interface (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/dao/UserDao.java)
  3. Add the SQL query or DML statement in the MyBatis XML mapper file (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/mapper/UserDao.xml)
  4. Wrap the response using ResultGenerator.genSuccessResult() or genFailResult() (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/common/ResultGenerator.java)
  5. Test the endpoint using the HTML client by adding a new form or fetch call (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/static/api-test.html)

Add a new entity/model with CRUD operations

  1. Create a new entity class with fields and getters/setters following the User.java pattern (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/entity/User.java)
  2. Create a new @Mapper interface with insert, select, update, delete method signatures (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/dao/UserDao.java)
  3. Create a new XML mapper file with corresponding SQL queries for all CRUD operations (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/mapper/UserDao.xml)
  4. Create a new controller class that injects the mapper and exposes REST endpoints (SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/controller/ApiController.java)

Enable file upload functionality for a new entity

  1. Add file upload configuration (file size limits) to application.properties (SpringBoot入门案例源码/spring-boot-file-upload/src/main/resources/application.properties)
  2. Ensure WebMvcConfigurer is configured to add resource handler for uploaded files (SpringBoot入门案例源码/spring-boot-file-upload/src/main/java/cn/lanqiao/springboot3/config/SpringBootWebMvcConfigurer.java)
  3. Create a controller method that accepts @RequestParam("file") MultipartFile and processes the upload (SpringBoot入门案例源码/spring-boot-file-upload/src/main/java/cn/lanqiao/springboot3/controller/UploadController.java)
  4. Update the HTML upload test page with form for the new entity and file input field (SpringBoot入门案例源码/spring-boot-file-upload/src/main/resources/static/upload-test.html)

Add AJAX request handling for dynamic form submission

  1. Create a controller method that returns JSON response instead of HTML view (SpringBoot入门案例源码/spring-boot-ajax/src/main/java/cn/lanqiao/springboot3/controller/RequestTestController.java)
  2. Use @RequestBody to

🪤Traps & gotchas

  • MySQL version & connector: pom.xml uses mysql-connector-java (deprecated) instead of mysql-connector-j (MySQL 8.0.33+); may fail silently on Java 17 with newer MySQL versions—upgrade to com.mysql:mysql-connector-j:8.0.33.
  • Schema expectation: springboot-tb-user-schema.sql must be imported before first run; no Flyway/Liquibase, so migrations are manual.
  • Encoding: application.properties must specify spring.datasource.url=jdbc:mysql://localhost:3306/springboot_db?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC or Chinese characters in data will corrupt.
  • MyBatis namespace mismatch: UserDao.xml <mapper namespace> must exactly match the cn.lanqiao.springboot3.dao.UserDao FQN or mapper binding fails silently.
  • Spring Boot 3.0 Java 17 requirement: older IDEs, Maven plugins, or JDK versions will not compile; explicitly use java -version to confirm 17+.

💡Concepts to learn

  • RESTful API Design (Resource-Oriented Architecture) — This repo's core example (spring-boot-RESTful-api) centers on REST conventions; understanding HTTP verbs (GET/POST/PUT/DELETE) mapped to CRUD operations is essential to reading ApiController.java correctly
  • MyBatis Dynamic SQL & XML Mapping — Every data layer in this repo uses MyBatis XML mappers (UserDao.xml pattern); you must understand <select>, <insert>, <update>, <delete> tags and parameter interpolation (#{ } vs ${ }) to modify persistence logic
  • Spring Dependency Injection & Autowiring — Controllers inject DAOs via @Autowired (e.g., ApiController referencing UserDao); grasping Spring's IoC container behavior is critical to understanding why fields are null if autowiring fails
  • Request/Response DTO (Data Transfer Object) Pattern — ResultGenerator.java and Result.java implement a standardized envelope for API responses; this decouples entity schemas from API contracts and is a foundational enterprise pattern across all projects
  • Maven Dependency Management & Spring Boot Starter POM — All projects inherit from spring-boot-starter-parent (3.0.0), which auto-manages transitive dependencies; understanding how starters (spring-boot-starter-web, spring-boot-starter-jdbc) bundle related libraries is essential to avoiding version conflicts
  • JDBC Connection Pooling & HikariCP — Spring Boot's JDBC starter auto-configures a connection pool (HikariCP by default); misconfigured application.properties (missing timezone, wrong charset) causes silent connection hangs—a trap called out under Traps & gotchas above
  • Server-Side Template Rendering (Thymeleaf) — Referenced in the blog/forum projects and Thymeleaf folder presence; contrasts with the front-end separation approach in Vue3 projects, showing both monolithic and decoupled architectural patterns
  • ZHENFENG13/My-Blog — Production Thymeleaf + MyBatis blog referenced in this repo's README; shows full Spring Boot MVC workflow with user authentication and comment systems
  • newbee-ltd/newbee-mall — Large-scale Spring Boot e-commerce system linked in navigation; demonstrates enterprise patterns for product management, orders, and payment integration beyond basic CRUD
  • newbee-ltd/newbee-mall-vue3-app — Companion Vue3 + Element Plus frontend for the mall project; required to understand the full-stack context referenced in this repo's enterprise example folder
  • ZHENFENG13/My-BBS — Spring Boot forum system showing many-to-many relationships, nested comments, and role-based access control—patterns not fully demonstrated in the starter examples
  • spring-projects/spring-boot — Official Spring Boot repository; contains the 3.0.0+ source and auto-configuration logic that underpins all examples in this learning repo

🪄PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add Spring Boot 3.x Migration Guide and Compatibility Tests

The README states all projects have been upgraded to Spring Boot 3.x (Java 17+), but there are no visible migration guides or compatibility tests. New contributors could create a dedicated migration guide document and add integration tests to verify all starter examples work correctly with Spring Boot 3.x, including deprecated dependency handling (e.g., mysql-connector-java is deprecated in favor of mysql-connector-j).

  • [ ] Create MIGRATION_GUIDE.md documenting Spring Boot 2.x → 3.x breaking changes relevant to projects in this repo
  • [ ] Add a GitHub Actions workflow that runs Maven tests across all modules in SpringBoot入门案例源码/ to ensure Spring Boot 3.x compatibility
  • [ ] Update pom.xml files to use mysql-connector-j instead of deprecated mysql-connector-java and add test coverage for database connectivity in ApplicationTests.java files

Create Integration Tests for RESTful API and AJAX Examples

The spring-boot-RESTful-api and spring-boot-ajax projects both have HTML test files (api-test.html, ajax-test.html) but lack server-side integration tests. New contributors should add comprehensive test cases for the ApiController and RequestTestController to ensure API endpoints work correctly with various HTTP methods and payloads.

  • [ ] Add integration tests in SpringBoot入门案例源码/spring-boot-RESTful-api/src/test/java/cn/lanqiao/springboot3/ that test ApiController endpoints (GET, POST, PUT, DELETE) against the User entity and UserDao
  • [ ] Add integration tests in SpringBoot入门案例源码/spring-boot-ajax/src/test/java/cn/lanqiao/springboot3/ that test RequestTestController AJAX endpoints with various request/response payloads
  • [ ] Ensure tests use @SpringBootTest and @AutoConfigureMockMvc to validate actual database operations with the provided springboot-tb-user-schema.sql

Add Comprehensive README Documentation for Each Example Module

While SpringBoot入门案例源码/ has a top-level README, individual example projects (spring-boot-RESTful-api, spring-boot-ajax, spring-boot-file-upload) lack detailed setup and usage instructions. New contributors should create specific README files for each module explaining dependencies, database setup, running instructions, and expected behavior.

  • [ ] Create SpringBoot入门案例源码/spring-boot-RESTful-api/README.md with database schema setup instructions, how to run the project, and example API requests
  • [ ] Create SpringBoot入门案例源码/spring-boot-ajax/README.md with instructions for the AJAX test HTML file and how to verify functionality
  • [ ] Create SpringBoot入门案例源码/spring-boot-file-upload/README.md documenting file upload configuration (SpringBootWebMvcConfigurer.java) and usage examples

🌿Good first issues

  • Add unit tests for ResultGenerator.java and Result.java (src/test/java currently only has ApplicationTests.java stub); write parameterized tests covering success(), fail(), failWithData() paths to improve test coverage
  • Create async API endpoints in ApiController.java using @Async and CompletableFuture to demonstrate Spring Boot concurrency patterns; add corresponding IT test in ApplicationTests
  • Write FreeMarker template-based email notification service (referenced in description but no code visible); integrate with UserController for user registration confirmation emails, adding config to application.properties


📝Recent commits

  • f08f1c4 — Merge pull request #127 from ZHENFENG13/spring-boot-3.x (ZHENFENG13)
  • da99464 — :tada: spring boot 3.x version (ZHENFENG13)
  • dde67fd — :memo: UPDATE README.md (ZHENFENG13)
  • cb11169 — :memo: UPDATE README.md (ZHENFENG13)
  • bce6563 — :memo: UPDATE README.md (ZHENFENG13)
  • b17958b — :fire: Removing error code (ZHENFENG13)
  • 4abe819 — :memo: UPDATE README.md (ZHENFENG13)
  • c2d2dff — :memo: UPDATE README.md (ZHENFENG13)
  • d882439 — :memo: UPDATE README.md (ZHENFENG13)
  • 38b3c5d — :memo: UPDATE README.md (ZHENFENG13)

🔒Security observations

  • High · Outdated MySQL JDBC Driver — SpringBoot入门案例源码/spring-boot-RESTful-api/pom.xml (and other pom.xml files). The pom.xml uses 'mysql-connector-java' without specifying a version, which defaults to an older version. MySQL Connector/J has had multiple security vulnerabilities (CVE-2021-2471, CVE-2021-46665, etc.). The dependency should be explicitly versioned and kept current. Fix: Update to mysql-connector-java 8.0.33 or later, or preferably migrate to mysql-connector-j (the newer driver). Explicitly specify the version: <version>8.0.33</version>
  • High · Potential SQL Injection via MyBatis — SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/resources/mapper/UserDao.xml and similar mapper files. The project uses MyBatis with XML mapper files (UserDao.xml). If dynamic SQL is constructed using string concatenation or without proper parameterization in the mapper files, SQL injection vulnerabilities could exist. The structure suggests raw SQL queries in XML mappers which may not be properly parameterized. Fix: Ensure all SQL queries use parameterized queries with #{} placeholders instead of ${} in MyBatis XML mappers. Never concatenate user input directly into SQL queries. Use parameterized prepared statements exclusively.
  • High · No Input Validation Visible in Controllers — SpringBoot入门案例源码/spring-boot-RESTful-api/src/main/java/cn/lanqiao/springboot3/controller/ and similar controller directories. The file structure shows controller classes (ApiController.java, UploadController.java, RequestTestController.java) but no visible input validation framework (like Jakarta Validation/Bean Validation). User inputs from HTTP requests may not be validated, leading to potential injection attacks, XXE, or malformed data processing. Fix: Implement Jakarta Bean Validation (formerly javax.validation) with @Valid or @Validated annotations on controller method parameters. Add constraint annotations like @NotNull, @NotBlank, @Size, @Pattern to entity classes. Validate file uploads (type, size, content).
  • High · Insecure File Upload Handling — SpringBoot入门案例源码/spring-boot-file-upload/src/main/java/cn/lanqiao/springboot3/controller/UploadController.java. The project includes a file upload module (spring-boot-file-upload) but there's no visible security controls. File uploads are a common attack vector for malware injection, XXE attacks, and directory traversal. The absence of proper validation suggests risk. Fix: Implement strict file upload validation: (1) Whitelist allowed file types/extensions, (2) Validate MIME types server-side, (3) Scan files with antivirus, (4) Store uploads outside web root, (5) Rename files with random names, (6) Set file size limits, (7) Prevent directory traversal by sanitizing filenames.
  • Medium · Missing Security Headers — SpringBoot入门案例源码/spring-boot-file-upload/src/main/java/cn/lanqiao/springboot3/config/SpringBootWebMvcConfigurer.java and application.properties files. No visible configuration for security headers (HSTS, X-Content-Type-Options, X-Frame-Options, CSP, etc.) in the SpringBootWebMvcConfigurer or application properties. This leaves the application vulnerable to various web-based attacks. Fix: Configure security headers by implementing a WebSecurityCustomizer or adding a filter with security headers: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-XSS-Protection: 1; mode=block, Strict-Transport-Security, Content-Security-Policy.
  • Medium · No Visible CSRF Protection Configuration — Throughout the project - missing Spring Security configuration. The project uses Spring Boot Web but there's no evidence of Spring Security configuration or CSRF token handling. Form submissions may be vulnerable to CSRF attacks. Fix: Add Spring Security dependency and configure CSRF protection. Implement SecurityFilterChain bean with csrf() enabled. Include CSRF tokens in forms and AJAX requests using the _csrf parameter or X-CSRF-TOKEN header.
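The file-upload observation above and step 3 of "Enable file upload functionality" both call for a controller that validates what it receives. The following is an added example written for this page, not code from the spring-boot-file-upload module or from RepoPilot: a Spring Boot 3 controller that applies the listed controls (size limit, extension allowlist, type verified from the file's own bytes, random on-disk name, storage outside the web root). The class name, the `/upload` path and the upload directory under the user's home are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

// Added example: a hypothetical hardened upload controller, not the module's own UploadController.
// Pair it with spring.servlet.multipart.max-file-size in application.properties so oversized
// requests are rejected by Spring before they reach this code.
@RestController
public class SafeUploadController {

    // Assumption: uploads live outside the web root (never under src/main/resources/static).
    private static final Path UPLOAD_DIR =
            Paths.get(System.getProperty("user.home"), "spring-boot-uploads").toAbsolutePath().normalize();
    private static final long MAX_BYTES = 2L * 1024 * 1024; // 2 MiB
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif");

    @PostMapping("/upload")
    public ResponseEntity<String> upload(@RequestParam("file") MultipartFile file) throws IOException {
        if (file.isEmpty()) {
            return ResponseEntity.badRequest().body("empty upload");
        }
        if (file.getSize() > MAX_BYTES) {
            return ResponseEntity.status(HttpStatus.PAYLOAD_TOO_LARGE).body("file exceeds 2 MiB");
        }
        // The extension is the only part of the client's filename we keep, and only once allowlisted.
        String ext = extensionOf(file.getOriginalFilename());
        if (ext == null || !ALLOWED_EXT.contains(ext)) {
            return ResponseEntity.badRequest().body("file type not allowed");
        }
        // Content-Type is client-controlled, so the type is verified from the bytes, not the header.
        try (InputStream in = file.getInputStream()) {
            if (!magicMatches(in.readNBytes(8), ext)) {
                return ResponseEntity.badRequest().body("file content does not match its extension");
            }
        }
        // A random on-disk name leaves no user-controlled path component, so traversal and
        // overwrite-by-name cannot happen.
        Path target = UPLOAD_DIR.resolve(UUID.randomUUID() + "." + ext);
        Files.createDirectories(UPLOAD_DIR);
        file.transferTo(target);
        return ResponseEntity.ok(target.getFileName().toString());
    }

    // Lower-cased extension of the client-supplied name, ignoring any directory part; null if unusable.
    static String extensionOf(String originalName) {
        if (originalName == null || originalName.isBlank()) return null;
        // Strip '/' and '\' segments so "..\\..\\evil.png" is treated as "evil.png" on every OS.
        int sep = Math.max(originalName.lastIndexOf('/'), originalName.lastIndexOf('\\'));
        String base = originalName.substring(sep + 1);
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) return null; // no extension, or a dotfile
        return base.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    // Signature check on the leading bytes, so a renamed script cannot pass as an image.
    static boolean magicMatches(byte[] head, String ext) {
        return switch (ext) {
            case "png" -> startsWith(head, new byte[] {(byte) 0x89, 'P', 'N', 'G'});
            case "jpg", "jpeg" -> startsWith(head, new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});
            case "gif" -> startsWith(head, "GIF8".getBytes());
            default -> false;
        };
    }

    private static boolean startsWith(byte[] data, byte[] prefix) {
        return data.length >= prefix.length && Arrays.equals(data, 0, prefix.length, prefix, 0, prefix.length);
    }
}
```

Because step 2 of the upload procedure maps a resource handler onto the upload directory, anything stored there is served straight back to browsers; the allowlist plus the signature check is what keeps that directory limited to plain image bytes.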

LLM-derived; treat as a starting point, not a security audit.


Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.