{"kind":"Skill","metadata":{"namespace":"community","name":"java-springboot","version":"0.1.0"},"spec":{"description":"Get best practices for developing applications with Spring Boot.","files":{"SKILL.md":"---\nname: java-springboot\ndescription: 'Get best practices for developing applications with Spring Boot.'\n---\n\n# Spring Boot Best Practices\n\nYour goal is to help me write high-quality Spring Boot applications by following established best practices.\n\n## Project Setup \u0026 Structure\n\n- **Build Tool:** Use Maven (`pom.xml`) or Gradle (`build.gradle`) for dependency management.\n- **Starters:** Use Spring Boot starters (e.g., `spring-boot-starter-web`, `spring-boot-starter-data-jpa`) to simplify dependency management.\n- **Package Structure:** Organize code by feature/domain (e.g., `com.example.app.order`, `com.example.app.user`) rather than by layer (e.g., `com.example.app.controller`, `com.example.app.service`).\n\n## Dependency Injection \u0026 Components\n\n- **Constructor Injection:** Always use constructor-based injection for required dependencies. This makes components easier to test and dependencies explicit.\n- **Immutability:** Declare dependency fields as `private final`.\n- **Component Stereotypes:** Use `@Component`, `@Service`, `@Repository`, and `@Controller`/`@RestController` annotations appropriately to define beans.\n\n## Configuration\n\n- **Externalized Configuration:** Use `application.yml` (or `application.properties`) for configuration. YAML is often preferred for its readability and hierarchical structure.\n- **Type-Safe Properties:** Use `@ConfigurationProperties` to bind configuration to strongly-typed Java objects.\n- **Profiles:** Use Spring Profiles (`application-dev.yml`, `application-prod.yml`) to manage environment-specific configurations.\n- **Secrets Management:** Do not hardcode secrets. Use environment variables, or a dedicated secret management tool like HashiCorp Vault or AWS Secrets Manager.\n\n## Web Layer (Controllers)\n\n- **RESTful APIs:** Design clear and consistent RESTful endpoints.\n- **DTOs (Data Transfer Objects):** Use DTOs to expose and consume data in the API layer. Do not expose JPA entities directly to the client.\n- **Validation:** Use Java Bean Validation (JSR 380) with annotations (`@Valid`, `@NotNull`, `@Size`) on DTOs to validate request payloads.\n- **Error Handling:** Implement a global exception handler using `@ControllerAdvice` and `@ExceptionHandler` to provide consistent error responses.\n\n## Service Layer\n\n- **Business Logic:** Encapsulate all business logic within `@Service` classes.\n- **Statelessness:** Services should be stateless.\n- **Transaction Management:** Use `@Transactional` on service methods to manage database transactions declaratively. Apply it at the most granular level necessary.\n\n## Data Layer (Repositories)\n\n- **Spring Data JPA:** Use Spring Data JPA repositories by extending `JpaRepository` or `CrudRepository` for standard database operations.\n- **Custom Queries:** For complex queries, use `@Query` or the JPA Criteria API.\n- **Projections:** Use DTO projections to fetch only the necessary data from the database.\n\n## Logging\n\n- **SLF4J:** Use the SLF4J API for logging.\n- **Logger Declaration:** `private static final Logger logger = LoggerFactory.getLogger(MyClass.class);`\n- **Parameterized Logging:** Use parameterized messages (`logger.info(\"Processing user {}...\", userId);`) instead of string concatenation to improve performance.\n\n## Testing\n\n- **Unit Tests:** Write unit tests for services and components using JUnit 5 and a mocking framework like Mockito.\n- **Integration Tests:** Use `@SpringBootTest` for integration tests that load the Spring application context.\n- **Test Slices:** Use test slice annotations like `@WebMvcTest` (for controllers) or `@DataJpaTest` (for repositories) to test specific parts of the application in isolation.\n- **Testcontainers:** Consider using Testcontainers for reliable integration tests with real databases, message brokers, etc.\n\n## Security\n\n- **Spring Security:** Use Spring Security for authentication and authorization.\n- **Password Encoding:** Always encode passwords using a strong hashing algorithm like BCrypt.\n- **Input Sanitization:** Prevent SQL injection by using Spring Data JPA or parameterized queries. Prevent Cross-Site Scripting (XSS) by properly encoding output.\n"},"import":{"commit_sha":"541b7819d8c3545c6df122491af4fa1eae415779","imported_at":"2026-05-18T20:05:35Z","license_text":"MIT License\n\nCopyright GitHub, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.","owner":"github","repo":"github/awesome-copilot","source_url":"https://github.com/github/awesome-copilot/tree/541b7819d8c3545c6df122491af4fa1eae415779/plugins/java-development/skills/java-springboot"}},"content_hash":[133,18,142,112,45,43,14,182,80,120,74,16,223,189,116,242,190,209,55,194,29,109,127,68,187,28,234,193,231,193,198,86],"trust_level":"unsigned","yanked":false}