The Spring Framework is possibly the most iconic software development framework of all time. It once suffered from a reputation of bloat, but it has long since shed that perception.

In this article, we’ll take fresh look at Spring, including an overview of Spring Boot and how Spring handles standard application needs like persistence and security. You’ll also learn about newer features that modernize Spring, including its approach to developer experience, reactive programming, and cloud and serverless development.

Streamlined dependency injection

The heart of Spring is still the dependency injection (DI) engine, which is the killer feature that started it all. Also called inversion of control (IOC), dependency injection is a way of wiring together classes without explicitly writing the connective code in the classes themselves. In modern Spring, DI works by convention, with minimal intervention from the developer. Unlike in the past, there is usually little if any XML management involved.

Most Spring beans can be auto-wired with just a few annotations. Spring will scan the project and automatically inject the proper dependency. For example, here’s how you would wire a Repository component to a Service component:

@Component
public class MovieFinder {
  public List findByGenre(String genre) {
    if ("sci-fi".equalsIgnoreCase(genre)) {
      return List.of("Blade Runner", "Total Recall", "The 5th Element");
    } else {
      return List.of("The Godfather", "The Princess Bride");
    }
  }
}

@Component
public class MovieRecommender {
  private final MovieFinder movieFinder;

  // Automatically injected:
  public MovieRecommender(MovieFinder finder) {
    this.movieFinder = finder;
  }

  public String recommendMovie(String genre) {
    List movies = movieFinder.findByGenre(genre);
      return movies.get(0);
  }
}

Simply declaring the two classes as @Components is enough for Spring to put them together, so long as the injected component’s constructor (in this case the default) matches with the consuming component’s reference. Using Spring’s DI implementation to wire together components feels almost like an effortless extension of Java itself.

Spring Boot: The key to modern Spring

Modern Spring is built around Spring Boot, which provides low-overhead access to the vast resources of the Spring framework.

Starting a new Spring application used to be a manual process, but Spring Boot changed all that. Spring Boot makes it simple to create a new standalone app without any boilerplate configuration or containers.

Creating a new Spring Boot application is as simple as using Spring Initializr, which you can access as a web tool or via the Initializr CLI.

Spring Boot apps that include @SpringBootApplication will even configure dependencies like datastores for you automatically. Of course, you can always override the default configurations with manual ones (for example, if you needed to create your own DataStore component).

Spring Boot also includes dependency starters. These let you include one dependency that includes all the things you need for a particular area. For example, spring-boot-starter-web automatically pulls in Spring MVC, Jackson XML, and an embedded server, so you don’t have to deal with adding these components yourself.

Spring Boot is highly streamlined and makes it easy to set up projects using best practices. It also allows you to incrementally adopt more sophisticated or custom features as the need arises. The overall effect is that you can add a Spring Boot dependency, define your project, and get right into the coding.

Enhanced developer experience

Modern Spring includes top-shelf test support. Beyond unit tests, Spring Boot lets you simply include the spring-boot-starter-test starter, which brings in complete testing support. Using the @SpringBootTest annotation allows you to start the entire app in a test context for full-integration test suites.

Spring Boot also includes top-shelf integration with TestContainers, which allows you to create profiles for running tests inside fully configured containers (like Docker), which contain not only the application but architectural dependencies such as databases.

Similarly, spring-boot-starter-actuator allows you to quickly add production-grade services like monitoring and management. These are essential needs in a cloud environment that allow for the automated monitoring of application health and LoS (Level of Service) metrics.

Actuator generates several endpoints for your app, including /actuator/health, /actuator/metrics, and /actuator/info.

Built for the modern cloud

Spring was once associated with applications that were slow to start, but that canard has long since been laid to rest. Modern Spring apps can be AOT (ahead-of-time) compiled to a native binary using GraalVM.

Native binaries and AOT means you get near-instant startup times, a key benefit for serverless deployments where instances can be frequently started and stopped to meet demand. (It should also be noted that your Spring app gets all the benefits of the JVM as well. Newer Java features like virtual threads and continuous refinements like compact headers add up to big benefits for cloud-hosted applications.

Modern Spring also handles all the scanning and linking of the Spring beans (wired components) during the AOT compilation phase, so applications do not suffer any slowdown from classes using dependency injection.

Reactive programming with Spring WebFlux

Another key trend in modern development and the cloud especially is reactive programming, which Spring fully embraces. Reactive programming is asynchronous and non-blocking and gives you a whole conceptual model for handling realtime streams of data.

Spring’s WebFlux module is designed from the ground up to give you access to this powerful paradigm. Everything remains within the domain of Spring’s overarching design, which eases the adoption path for developers coming from a traditional Java Servlet background.

As an example of the reactive approach, when using WebFlux the return type from an endpoint would be a Flux object, instead of a standard Collection. This lets you stream the results back as they become available:

@RestController
public class MovieController {

    private final MovieRepository movieRepository;

    public MovieController(MovieRepository movieRepository) {
        this.movieRepository = movieRepository;
    }

    // Notice the return type
    @GetMapping("/movies")
    public Flux getAllMovies() {
        return movieRepository.findAll();
    }
}

When application requirements call for high-throughput data processing, WebFlux is an ideal solution.

Java persistence with Spring Data

Spring Data is a highly sophisticated, persistence-aware framework that has been refined over the years. In addition to supporting Java’s Jakarta Persistence API, Spring provides easy entry to newer approaches such as the following repository class. Note that this class does not require any annotation because Spring Boot recognizes it subclasses a persistence base-class:

import org.springframework.data.repository.reactive.ReactiveCrudRepository;

public interface MovieRepository extends ReactiveCrudRepository {
    
	// You define the method signature; Spring Data R2DBC provides the implementation
	Flux findByGenre(String genre);
}

This code uses Spring R2DBC, a relational database connection library that uses asynchronous reactive drivers. The beauty is that the engine itself provides the implementation based on the fields and methods of the data object; as the developer, you do not have to implement the findByGenre method.

Spring Security

Modern web security is never going to be easy, but Spring goes a long way to making it as digestible as possible. The magic of Spring Security is bringing together ease of use with the advanced features many applications require.

Spring Boot’s spring-boot-starter-security module makes integrating security features as simple as adding a single dependency. Of course, security in the modern landscape gets messy and complex fast, but Spring Security has everything you need, from JWT to OAuth 2.0 and OpenID Connect (OIDC) for single sign-on, SAML for federated SSO, and integration with auth stores like LDAP.

Security is a “cross-cutting” concern that touches every aspect of the application, and Spring’s AOP (aspect-oriented programming) support lets you apply security in a consistent fashion, even in complex architectures. Beyond the method-level security of AOP, Spring’s security filter engine is well-adapted for all kinds of web-based security needs.

Conclusion

Modern Spring delivers everything necessary to make it an excellent choice for the new era of software development. Starting from a single conceptual mechanism (inversion of control), Spring lets you define all your custom objects in the same idiom used for third-party components and cross-cutting capabilities like security and logging. The Spring Framework incorporates newer Java feature such as the improved structured concurrency model, while providing access to a vast ecosystem of libraries and modules designed for common application needs and architectures. These features and benefits are all generally accessible using Spring Boot, and you can customize and refine your application as it grows.