Java

Choose a JDK distribution deliberately and lock a clear version strategy so builds and production runtime stay reproducible across developer machines, CI, and servers.

Choose Maven or Gradle based on team constraints, enforce a predictable project layout, and make builds deterministic across laptops and CI to prevent production drift.

Package Java services into a predictable deployable artifact with an explicit entrypoint, sane JVM defaults, and diagnostics that make production failures fast to triage.

Use SLF4J as a logging facade, configure Logback for safe rotation and predictable formats, and apply log level discipline so production logs stay useful, cheap, and searchable.

Manage configuration as deploy-time data: define clear precedence, validate critical settings at startup, avoid dev/prod drift from profiles, and keep secrets out of code and logs.

Build production-grade Java CLI tools with strict argument parsing, clear exit codes, correct stdout/stderr usage, and failure messages that are actionable for humans and machines.

Avoid time and locale outages by standardizing on UTC for storage and logs, using java.time types correctly, injecting Clock for testability, and treating formatting/parsing as a boundary concern.

Prevent dependency drift and supply-chain surprises by pinning versions, using BOMs or platforms, failing on conflicts, and making builds reproducible across CI and production.

Design explicit nullability contracts in your APIs, avoid ambiguous null semantics, and use Optional intentionally at boundaries to prevent production NullPointerException cascades.

Design exception strategies that preserve context, maintain cause chains, avoid double-logging, and clearly separate domain errors from infrastructure failures.

Use immutability and value objects to eliminate entire classes of concurrency bugs, simplify reasoning, and make equals/hashCode reliable in production systems.

Standardize on UTF-8, never rely on platform default encoding, and treat charset boundaries explicitly to prevent data corruption and production-only Unicode bugs.

Use java.time types intentionally, model time as Instants and Durations internally, inject Clock for deterministic tests, and avoid subtle arithmetic and persistence pitfalls that cause production time bugs.

Implement equals/hashCode correctly to prevent silent collection corruption, avoid mutable equality keys, and ensure predictable behavior and performance in HashMap/HashSet in production.

Use Streams when they improve clarity without hiding costs; avoid boxing, uncontrolled parallelism, and side effects so production code stays predictable, debuggable, and efficient.

Validate inputs at system boundaries, enforce invariants in the domain model, and return actionable field-level errors so production failures become client-fixable 400s instead of noisy 500s.

Design clear package and module boundaries to prevent cyclic dependencies, protect domain integrity, and keep infrastructure details from leaking into core business logic.

Apply SOLID principles pragmatically to reduce coupling and increase testability, but avoid premature abstraction, interface explosion, and design complexity that hurts maintainability.

Use dependency inversion and constructor injection to control object graphs, improve testability, prevent hidden coupling, and avoid lifecycle and circular dependency issues in production systems.

Model your domain with explicit invariants and aggregate boundaries so business rules live in one place, transactions stay consistent, and production behavior remains predictable under change.

Model expected domain errors explicitly and reserve exceptions for truly exceptional failures, so your system communicates intent clearly and behaves predictably in production.

Design public APIs as long-term contracts, evolve them additively, and understand binary compatibility so changes do not silently break downstream systems in production.

Refactor safely by making small reversible changes, using tests as guardrails, adding characterization coverage for legacy behavior, and deploying with risk controls like feature flags and incremental rollouts.

Choose List, Set, and Map based on access patterns, ordering guarantees, memory cost, and equality semantics so production code stays fast, correct, and predictable.

Understand invariance, wildcards, and PECS to design type-safe and flexible APIs without unsafe casts or raw types leaking into production code.

Understand HashMap internals, load factor, resizing, and hash distribution to prevent latency spikes, memory waste, and silent key corruption in production systems.

Use functional interfaces and lambdas with awareness of capture semantics, side effects, and checked exceptions so functional style remains safe, readable, and production-friendly.

Understand allocation costs, boxing overhead, collectors, and parallel execution trade-offs so you can decide when Streams are acceptable and when plain loops are safer in performance-critical code.

Use Optional as a return-type signal for absence, not as a field type or universal null replacement, and understand lazy evaluation and performance trade-offs in production code.

Choose and size thread pools based on workload type and resource limits, avoid unbounded queues, and monitor saturation signals to prevent latency spikes and thread-related production incidents.

Use CompletableFuture with explicit executors, timeouts, and proper composition patterns to avoid hidden blocking, thread pool contention, and silent failure propagation in production.

Understand intrinsic locks, ReentrantLock, fairness, and contention trade-offs so you can design minimal critical sections and diagnose latency caused by lock contention in production.

Understand race conditions, memory visibility, happens-before rules, and deadlock patterns so you can prevent subtle concurrency bugs that only appear under real production load.

Understand heap layout, object lifetimes, and GC behavior so you can distinguish memory leaks from high allocation rates and diagnose latency caused by garbage collection in production.

Use sampling profilers like JFR and async-profiler to identify CPU, allocation, and lock bottlenecks before optimizing, and avoid guessing performance issues in production systems.

Use NIO.2 with atomic writes, safe path handling, and explicit permissions to avoid partial files, path traversal, and environment-specific filesystem failures in production.

Use buffered streams, chunked processing, and bounded copying patterns to prevent memory blow-ups and support natural backpressure in blocking I/O workflows.

Use Java HttpClient with explicit timeouts, bounded concurrency, idempotent-aware retries, and streaming responses to prevent cascading failures under downstream latency or outage.

Understand TLS handshake, keystore vs truststore roles, and hostname verification so you can configure secure HTTP clients without disabling security in production.

Configure Jackson with safe defaults, reuse ObjectMapper, handle unknown fields intentionally, and use streaming for large payloads to avoid security risks and memory blow-ups in production.

How to use JDBC safely in production: PreparedStatement, connection pooling, resource handling and common failure modes.

Understanding transaction isolation levels in production: anomalies, lost updates, locking behavior, and real-world failure scenarios.

Designing JPA entities for production: lazy loading traps, equals and hashCode mistakes, cascade misuse and DTO separation.

Detecting and fixing the N+1 query problem in JPA and Hibernate using logging, statistics, fetch joins and batch strategies.

Production-safe database migrations with Flyway/Liquibase: zero-downtime rollout, backward compatibility, and failure recovery patterns.

Production-ready Spring Boot project structure: layering, configuration boundaries, dependency flow and anti-pattern avoidance.

Designing production-grade REST controllers with DTOs, validation and safe request handling.

Implement RFC7807 Problem Details in Spring Boot with a global error strategy, stable error codes, traceability and secure responses.

Implement request ID correlation in Spring Boot using filters, MDC and header propagation to enable end-to-end traceability.

Design production-grade resilience in Spring Boot with explicit timeouts, retries, circuit breakers, bulkheads and failure isolation.

Implement graceful shutdown in Spring Boot with proper readiness, liveness and connection draining to prevent request loss.

Write production-grade JUnit 5 tests with clear structure, deterministic behavior and failure-focused coverage.

Use Mockito and Spring test slices correctly: avoid over-mocking, prevent brittle tests and validate boundaries with focused slices.

Run real integration tests with Testcontainers: validate database behavior, migrations and transactional correctness under realistic conditions.

Use consumer-driven contract tests to prevent breaking API changes and ensure cross-service compatibility in production.

Implement quality gates in Java: meaningful coverage targets, mutation testing concepts and guardrails that prevent fake green builds.

Build a production-grade CI pipeline for Java: caching, test stages, artifacts, security checks and failure isolation.

Implement structured JSON logging in Java with MDC, correlation IDs and safe redaction to enable production-grade log search and incident analysis.

Expose production-grade metrics with Micrometer: counters, timers, histograms and meaningful service-level signals.

Implement distributed tracing with OpenTelemetry to follow requests across services and diagnose latency and failure chains.

Implement liveness and readiness health checks in Spring Boot to protect production deployments and traffic routing.

Define baseline alerting signals and SLO-oriented metrics to detect production incidents early and reduce alert fatigue.

Design defensive input validation and sanitization strategies in Java web services to prevent injection, data corruption and security bypass.

Harden Jackson deserialization in Java web services to prevent remote code execution, data tampering and denial-of-service attacks.

Prevent SSRF in Java web services with strict allowlists, safe URL parsing, DNS and IP validation, and egress network controls.

Implement authentication and authorization basics for Java web services: JWT validation, claim hygiene, roles vs permissions and common production pitfalls.

Harden Java web services with security headers and sane CORS defaults: HSTS, CSP basics, clickjacking defenses and cookie flags.

Design reproducible Java builds with proper build profiles, dependency locking and environment isolation to prevent production drift.

Containerize Java services correctly using multi-stage builds, minimal base images, non-root users and JVM tuning for container environments.

Manage configuration and secrets safely in Java services using environment variables, external config and vault-style secret injection patterns.

Design safe rollback strategies for Java deployments: application rollback, schema compatibility, forward-only migrations and feature-flagged release control.

Zero-downtime deployment checklist for Java services: readiness/liveness, connection draining, backward-compatible schema, canaries and safe rollout control.

Design reliable Java services with proper timeouts, bounded retries and idempotency guarantees to prevent duplicate side effects and cascading failures.

Implement rate limiting and backpressure in Java services to protect critical resources, prevent abuse and avoid cascading failure under load.

Map and reason about failure modes in Java services: slow vs down vs corrupt, resource exhaustion and cascading failure patterns.

Write effective production runbooks for Java services: structured triage flow, diagnostic commands, rollback steps and communication discipline.

Production go-live checklist for Java services covering security baseline, performance validation, observability readiness, rollback safety and operational maturity.