Spring Boot 3 + Java 21
Spring Boot 3 requires Java 17+. Java 21 adds virtual threads for massive concurrency with minimal code changes.
Entity + Repository
@Entity @Table(name = "users")
public class User {
@Id @GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(unique = true, nullable = false) private String email;
@Column(nullable = false) private String passwordHash;
@CreationTimestamp private LocalDateTime createdAt;
}
public interface UserRepository extends JpaRepository<User, Long> {
Optional<User> findByEmail(String email);
}
REST Controller
@RestController @RequestMapping("/api/users")
@RequiredArgsConstructor
public class UserController {
private final UserService userService;
@GetMapping
@PreAuthorize("hasRole('ADMIN')")
public Page<UserDto> list(@RequestParam(defaultValue = "0") int page) {
return userService.findAll(PageRequest.of(page, 20));
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
public UserDto create(@Valid @RequestBody CreateUserRequest req) {
return userService.create(req);
}
}
Spring Security + JWT
@Configuration @EnableMethodSecurity
public class SecurityConfig {
@Bean public SecurityFilterChain chain(HttpSecurity http) throws Exception {
return http
.csrf(c -> c.disable())
.sessionManagement(s -> s.sessionCreationPolicy(STATELESS))
.authorizeHttpRequests(a -> a
.requestMatchers("/api/auth/**").permitAll()
.anyRequest().authenticated())
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.build();
}
@Bean public PasswordEncoder encoder() { return new BCryptPasswordEncoder(12); }
}
Virtual Threads (Java 21)
spring.threads.virtual.enabled=true
# One line — handles 100k+ concurrent requests with minimal memory
-> Format API responses with the JSON Viewer.