Spring Boot AI Prompts: Build Production Java APIs Faster in 2026

You are a senior Spring Boot 3 architect using Java 21.

Design a production Spring Boot 3.3 application for a multi-tenant SaaS REST API:
- Build: Gradle (Kotlin DSL), not Maven
- Java 21 with virtual threads enabled (spring.threads.virtual.enabled=true)
- Spring Web MVC (not WebFlux — virtual threads provide the throughput we need)
- Spring Data JPA + Hibernate 6 + PostgreSQL
- Spring Security 6 with JWT (stateless)
- Spring Cache + Redis (Lettuce client)
- Spring Actuator for health and metrics
- Kafka for domain events

Deliver:
1. build.gradle.kts with all dependencies and versions
2. Package structure: com.company.app.{domain}/{application,domain,infrastructure,presentation}
3. application.yml for local development, application-prod.yml for production (env var placeholders)
4. Docker Compose for local: PostgreSQL 16, Redis 7, Kafka 3.7
5. The top 3 Spring Boot 3 features you are using and why they matter

You are a Spring Boot 3 REST API expert.

Build a complete TaskController for a project management API:

Endpoints: GET /api/v1/tasks (paginated), GET /api/v1/tasks/{id}, POST /api/v1/tasks, PUT /api/v1/tasks/{id}, DELETE /api/v1/tasks/{id}

Requirements:
- @RestController with @RequestMapping("/api/v1/tasks")
- @Validated on controller class for constraint validation
- DTOs: TaskCreateRequest (record with @Valid constraints), TaskUpdateRequest (record, all fields Optional), TaskResponse (record, mapped from entity)
- Tenant scoping: extract organizationId from JWT (SecurityContextHolder), pass to service
- Response wrapper: ApiResponse<T> record { T data, String requestId, Instant timestamp }
- Error handling: @RestControllerAdvice with handlers for MethodArgumentNotValidException (field errors), EntityNotFoundException (404), AccessDeniedException (403)
- Pagination: return Page<TaskResponse> wrapped in ApiResponse

Use Java 21 records for all DTOs. No Lombok required — use records and canonical constructors.

You are a Spring Security 6 expert.

Configure JWT authentication for a Spring Boot 3 REST API using the SecurityFilterChain approach (NOT WebSecurityConfigurerAdapter):

Security config:
- Stateless session: SessionCreationPolicy.STATELESS
- CORS: allowedOrigins from environment, allowedMethods GET/POST/PUT/DELETE/OPTIONS
- CSRF: disabled (stateless JWT API)
- Public endpoints: /api/v1/auth/**, /actuator/health, /swagger-ui/**
- All other endpoints: authenticated

JWT filter (JwtAuthenticationFilter extends OncePerRequestFilter):
- Extract Bearer token from Authorization header
- Validate with JJWT (io.jsonwebtoken:jjwt-impl)
- Extract claims: userId, organizationId, role
- Set UsernamePasswordAuthenticationToken in SecurityContext

Token service:
- Generate access token (RS256, 15 minutes) — keys loaded from environment as Base64
- Generate refresh token (opaque UUID stored in Redis, 7 days TTL)
- Validate token: check signature, expiry, and not-blacklisted
- Refresh: validate Redis entry, issue new pair, invalidate old refresh token

Method security:
- @EnableMethodSecurity on config class
- Use @PreAuthorize("hasRole('ORG_ADMIN')") on admin endpoints
- Custom permission evaluator: @PreAuthorize("@taskPermissionEvaluator.canEdit(#taskId, authentication)")

Output: SecurityConfig, JwtAuthenticationFilter, JwtTokenService, and PermissionEvaluator.

You are a Spring Data JPA and Hibernate 6 expert.

Design JPA entities and repositories for a multi-tenant task management system:

Entities (Java 21 — use @Entity with records where possible, standard classes where JPA requires):
- Organization, User, Project, Task, AuditLog
- Auditing: @EnableJpaAuditing, @CreatedDate, @LastModifiedDate, @CreatedBy, @LastModifiedBy
- Soft delete: @SQLRestriction("deleted_at IS NULL") on entities (Hibernate 6 syntax — not @Where)
- Multi-tenant: @Filter for organizationId (Hibernate Filter, activated per request in interceptor)

TaskRepository (JpaRepository + custom):
- findByProjectIdAndStatus(projectId, status, Pageable): @EntityGraph to load assignee
- findOverdueTasks(organizationId, now): @Query JPQL with date comparison
- bulkUpdateStatus(taskIds, status): @Modifying @Query @Transactional — single UPDATE statement
- countByStatusGrouped(organizationId): @Query returning List<StatusCount> projection interface
- findWithFilters(spec, pageable): JpaSpecificationExecutor for dynamic filtering

Performance:
- @QueryHints with COMMENT for DBA query identification
- @BatchSize on collections to prevent N+1 with IN clause batching
- Database indexes: composite indexes declared in @Table(indexes={...})

Output: entity classes, repositories, Hibernate filter configuration, and tenant activation interceptor.

You are a Spring Kafka expert.

Implement domain event streaming for a Spring Boot application:

Domain events (records):
- TaskCreatedEvent(taskId, title, projectId, organizationId, createdBy, occurredAt)
- TaskStatusChangedEvent(taskId, previousStatus, newStatus, changedBy, occurredAt)
- TaskAssignedEvent(taskId, previousAssignee, newAssignee, occurredAt)

Producer:
- KafkaTemplate<String, Object> with JSON serializer
- Topic naming: app.tasks.events (single topic, event type in header)
- Transactional outbox pattern: save event to outbox table in same DB transaction as entity save
- Outbox relay: @Scheduled task polls outbox table, publishes to Kafka, marks as published

Consumer (notification-service):
- @KafkaListener on tasks.events topic, partitioned by organizationId key
- Idempotency: check event ID in Redis before processing (TTL 24h)
- Error handling: DefaultErrorHandler with exponential backoff (1s, 2s, 4s), dead-letter topic after 3 failures
- Manual acknowledgment: only commit offset after successful processing

Topics configuration: 12 partitions, replication-factor 3 (production), 1 (local Docker)

Output: KafkaConfig, event records, TaskEventPublisher, outbox table + scheduler, TaskEventConsumer.

You are a Spring Boot testing expert using Testcontainers.

Write integration tests for TaskController using real PostgreSQL and Redis:

Test setup:
- @SpringBootTest(webEnvironment = RANDOM_PORT)
- @Testcontainers at class level
- @Container static PostgreSQLContainer (shared across all tests in class for speed)
- @Container static GenericContainer for Redis
- @DynamicPropertySource: inject container URLs into Spring DataSource and Redis config
- TestRestTemplate or WebTestClient for HTTP calls

Test data:
- @Sql(scripts = {"/sql/clean.sql", "/sql/seed-tasks.sql"}) per test method
- Helper: createAuthToken(userId, organizationId, role) — real JWT signed with test key

Tests:
1. GET /api/v1/tasks: 200, correct pagination, only current org's tasks returned
2. POST /api/v1/tasks: 201, task in DB, Kafka event published (EmbeddedKafka)
3. POST with invalid data: 400, field-level error map in response
4. GET /api/v1/tasks/{id}: 404 for different org's task (tenant isolation)
5. DELETE: 204, soft-deleted (deletedAt set), excluded from subsequent GET
6. Concurrent update: two threads update same task → optimistic lock exception → 409

Show: Testcontainers setup class (reusable across test classes), JWT helper, and SQL seed file.

You are a senior Spring Boot 3 microservices engineer.

Add Apache Kafka event streaming to a Spring Boot 3 + Java 21 application:

Dependencies: spring-kafka, spring-boot-starter-json

Producer:
- KafkaTemplate<String, Object> with JSON serialization
- TaskEventProducer: publish TaskCreatedEvent, TaskUpdatedEvent, TaskCompletedEvent to 'task-events' topic
- Key: tenantId (ensures messages for same tenant land on same partition)
- Transactional producer: @Transactional wraps DB write + Kafka publish — both succeed or both fail

Consumer:
- @KafkaListener(topics = "task-events", groupId = "notification-service")
- Manual acknowledgment (AckMode.MANUAL): ack.acknowledge() only after successful processing
- Error handling: SeekToCurrentErrorHandler with DeadLetterPublishingRecoverer — failed messages go to 'task-events.DLT'
- Idempotency: store event ID in Redis (SETNX) — skip if already processed

Topic configuration: 3 partitions, replication factor 3 (production), retention 7 days
Health check: custom HealthIndicator that checks Kafka broker connectivity

Output: Kafka producer, consumer, event classes (Java 21 records), configuration, and Docker Compose snippet for local Kafka.

You are a Spring Data JPA expert.

Write advanced JPA queries for a task management system:

1. JPQL with JOIN FETCH (avoid N+1): fetch Tasks with their assignees and projects in a single query, filtered by organizationId and status

2. Specification pattern (JpaSpecificationExecutor):
   - TaskSpecification: buildSpec(TaskFilterDTO filter) — compose predicates for status, priority, assigneeId, dueDateRange, tenantId (always required)
   - Combine with Pageable for paginated, filterable results

3. Native query with pagination: tasks overdue by priority for a dashboard widget — needs a custom COUNT query for pagination
   @Query(value = "...", countQuery = "...", nativeQuery = true)

4. Projection interface: TaskSummaryProjection — only id, title, status, assigneeName (computed from firstName + lastName) — avoids loading full entity graph for list views

5. @EntityGraph: define for Task entity to specify which associations to eagerly load — different graphs for detail view (all) vs list view (none)

Requirements:
- All queries must include tenantId predicate — fail the build if a query doesn't
- Use Jakarta Persistence (not javax) imports throughout
- Hibernate 6.4 syntax

Output: repository interface, Specification class, and the 5 query implementations with brief explanation of why each approach was chosen.

Context for all Spring Boot prompts in this session:
- Framework: Spring Boot 3.4 + Java 21
- CRITICAL: All imports must use jakarta.* (NOT javax.*)
  Spring Boot 3 uses Jakarta EE 10 — javax.persistence, javax.validation do NOT exist
- Security: SecurityFilterChain with lambda DSL
  NEVER generate: WebSecurityConfigurerAdapter (removed in Spring Boot 3)
- JPA: Spring Data JPA + Hibernate 6.x, PostgreSQL
- Virtual threads: spring.threads.virtual.enabled=true (use for blocking I/O)
- Testing: Testcontainers with real PostgreSQL (NEVER H2 in-memory)
  H2 has SQL dialect differences that hide production bugs
- Build: Maven or Gradle with spring-boot-starter-* dependencies only