Spring Boot Knowledge Patch Skill

Spring Boot Knowledge Patch

Covers Spring Boot 3.4–4.0, Spring Framework 7.0, Spring Security 7.0, and Spring AI 1.0.

Index

| Topic | Reference | Key features | |---|---|---| | Boot 4.0 migration | references/boot-4-migration.md | Modular starters, Jackson 3, HTTP service clients, RestTestClient, breaking changes | | Spring Framework 7.0 | references/framework-7.md | @Retryable in core, BeanRegistrar, JmsClient, API versioning, JPA 3.2 | | Spring Security 7.0 | references/security-7.md | PathPatternRequestMatcher, DSL cleanup, SPA CSRF, MFA, OAuth2 HTTP services | | Spring AI 1.0 | references/spring-ai.md | ChatClient, @Tool, advisors/RAG, VectorStore, ChatMemory, MCP | | Boot 3.4–3.5 features | references/boot-3.4-3.5.md | Structured logging, actuator access model, MockMvcTester, env properties import |

Quick Reference — Boot 4.0 Starter Renames

| Old (Boot 3.x) | New (Boot 4.0) | |---|---| | spring-boot-starter-web | spring-boot-starter-webmvc | | spring-boot-starter-oauth2-client | spring-boot-starter-security-oauth2-client | | spring-boot-starter-oauth2-resource-server | spring-boot-starter-security-oauth2-resource-server | | spring-boot-starter | spring-boot-starter-classic (gradual migration) | | spring-boot-starter-test | spring-boot-starter-test-classic (gradual migration) | | (bare flyway-core) | spring-boot-starter-flyway (now required) | | (bare liquibase-core) | spring-boot-starter-liquibase (now required) |

Convention: spring-boot-<technology>, spring-boot-starter-<technology>, spring-boot-starter-<technology>-test.

Every technology now has a test starter companion. @WithMockUser requires spring-boot-starter-security-test.

Quick Reference — Jackson 3 (Boot 4.0 Default)

Jackson 3 uses tools.jackson package (annotations stay in com.fasterxml.jackson.annotation).

| Old (Jackson 2) | New (Jackson 3) | |---|---| | @JsonComponent | @JacksonComponent | | @JsonMixin | @JacksonMixin | | JsonObjectSerializer | ObjectValueSerializer | | Jackson2ObjectMapperBuilderCustomizer | JsonMapperBuilderCustomizer | | spring.jackson.read.* | spring.jackson.json.read.* | | spring.jackson.write.* | spring.jackson.json.write.* |

Compatibility module: spring-boot-jackson2 (deprecated). Properties under spring.jackson2.*.

HTTP Service Clients (Boot 4.0)

Annotated interfaces get auto-configured implementations:

@HttpExchange(url = "https://echo.zuplo.io")
public interface EchoService {
    @PostExchange
    Map<?, ?> echo(@RequestBody Map<String, String> message);
}

Group registration with per-group configuration (Framework 7.0):

@ImportHttpServices(group = "weather", types = {WeatherApi.class})
@ImportHttpServices(group = "user", types = {UserApi.class})
class Config extends AbstractHttpServiceRegistrar {
    @Bean
    RestClientHttpServiceGroupConfigurer configurer() {
        return groups -> groups.filterByName("weather")
            .forEachClient((g, b) -> b.defaultHeader("X-Api-Key", key));
    }
}

RestTestClient (Boot 4.0)

Non-reactive alternative to WebTestClient. Works with @SpringBootTest, @AutoConfigureMockMvc, or random port:

@Autowired
RestTestClient restTestClient;

HttpMessageConverters Deprecated (Boot 4.0)

Replace custom HttpMessageConverter beans with customizers:

@Bean
ServerHttpMessageConvertersCustomizer myCustomizer() {
    return converters -> converters.jsonMessageConverter(myConverter);
}
// Also: ClientHttpMessageConvertersCustomizer for client-side

Spring Framework 7.0 — @Retryable in Core

Spring Retry merged into spring-core. Enable with @EnableResilientMethods:

@Configuration
@EnableResilientMethods
class AppConfig { }

@Service
class MyService {
    @Retryable(maxAttempts = 3)
    public String fetchData() { ... }

    @ConcurrencyLimit(limit = 5)
    public String limitedOp() { ... }
}

Spring Security 7.0 — Essential Changes

MvcRequestMatcher and AntPathRequestMatcher removed. Use PathPatternRequestMatcher:

http.authorizeHttpRequests(auth -> auth
    .requestMatchers("/api/**").hasRole("USER")
    .anyRequest().authenticated()
);

DSL cleanup: and() removed (use lambda DSL), authorizeRequests removed (use authorizeHttpRequests).

SPA CSRF: http.csrf(csrf -> csrf.spa());

Spring AI 1.0 — ChatClient

@Autowired ChatClient chatClient;

String answer = chatClient.prompt()
    .user("What is Spring Boot?")
    .call()
    .content();

// Structured output
record ActorFilms(String actor, List<String> movies) {}
ActorFilms result = chatClient.prompt()
    .user("List films with Tom Hanks")
    .call()
    .entity(ActorFilms.class);

Tool calling:

chatClient.prompt()
    .user("What's the weather in London?")
    .tools(weatherTools)  // @Tool-annotated @Component
    .call()
    .content();

Boot 3.4 — Structured Logging

logging.structured.format.console=ecs    # ecs, gelf, or logstash
logging.structured.format.file=logstash

Boot 3.4 — Actuator Access Model

Endpoint enabled/disabled replaced with fine-grained access control:

management.endpoints.access.default=unrestricted
management.endpoint.health.access=read-only
management.endpoints.access.max-permitted=read-only  # operator cap

Values: none, read-only, unrestricted. Old enabled properties are deprecated.

Boot 3.4 — RestClient HTTP Client Selection

spring.http.client.factory=jdk  # http-components, jetty, reactor, jdk, simple
spring.http.client.redirects=dont-follow  # default: follow

Auto-detection order: Apache HC > Jetty > Reactor Netty > JDK HttpClient > Simple.

Key Breaking Changes (Boot 4.0 / Framework 7.0)

Undertow removed — use Tomcat or Jetty (Servlet 6.1 baseline)
RestTemplate deprecated — use RestClient
javax.annotation/javax.inject removed — use jakarta.*
ListenableFuture removed — use CompletableFuture
JUnit 6 baseline for test framework
Liveness/readiness probes enabled by default
DevTools Live Reload disabled by default
Embedded launch scripts removed — use java -jar directly
MongoDB properties renamed: spring.data.mongodb.* → spring.mongodb.*
Elasticsearch: RestClient → Rest5Client
Hibernate: hibernate-jpamodelgen → hibernate-processor
@EntityScan moved to org.springframework.boot.persistence.autoconfigure.EntityScan
spring.dao.exceptiontranslation.enabled → spring.persistence.exceptiontranslation.enabled
management.tracing.enabled → management.tracing.export.enabled
logging.console.enabled=false disables console logging
WAR on Tomcat: use spring-boot-starter-tomcat-runtime instead of spring-boot-starter-tomcat
Spring Retry dependency management removed — use Spring Framework's @Retryable instead
Authorization Server now part of Spring Security; use spring-security.version

Reference Files

| File | Contents | |---|---| | boot-4-migration.md | Modular starters, Jackson 3, HTTP services, RestTestClient, OpenTelemetry, breaking changes | | framework-7.md | @Retryable/@ConcurrencyLimit, BeanRegistrar, JmsClient, API versioning, JPA 3.2, HttpHeaders | | security-7.md | PathPattern matchers, DSL cleanup, SPA CSRF, MFA, Authorization Server, OAuth2 HTTP services | | spring-ai.md | ChatClient, @Tool, advisors/RAG, VectorStore, ChatMemory, MCP server/client | | boot-3.4-3.5.md | Structured logging, actuator access, RestClient config, MockMvcTester, bean defaults, env import |

Agent Skills: Spring Boot Knowledge Patch

Install this agent skill to your local

Skill Files