The latest articles on Forem by Aayush Ghimire (@aayushghimirey). https://forem.com/aayushghimirey https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3731190%2F7e08489f-ebda-418a-b40e-cd17edfd37ea.jpeg https://forem.com/aayushghimirey en Aayush Ghimire Fri, 03 Apr 2026 09:14:17 +0000 https://forem.com/aayushghimirey/6-things-every-backend-engineer-should-know-that-ai-wont-tell-you-41hg https://forem.com/aayushghimirey/6-things-every-backend-engineer-should-know-that-ai-wont-tell-you-41hg <p>AI can write code. Honestly, it can write it faster and with fewer syntax errors than most of us. But here's what it <em>can't</em> do: it doesn't know your system's traffic patterns, your database's growth trajectory, your team's ops maturity, or why that one service falls over every Tuesday at 2 AM.</p> <p><strong>Architecture is still yours to own.</strong></p> <p>This post is aimed at backend engineers — especially those in the Java/Spring Boot world — who want to go beyond CRUD and understand what actually makes systems hold up under pressure.</p> <h2> 1. 🧵 Thread Pool Sizing — Bigger Is Not Better </h2> <p><em>"more threads = more throughput.? "</em> It doesn't work that way.</p> <h3> CPU-bound vs. IO-bound — why it matters </h3> <p>Your app's tasks fall into two categories:</p> <ul> <li> <strong>CPU-bound</strong> — number crunching, encoding, compression. The thread needs the CPU the whole time.</li> <li> <strong>IO-bound</strong> — database calls, HTTP requests, file reads. The thread spends most of its time <em>waiting</em>.</li> </ul> <p>If your app is CPU-bound and you run 200 threads on a 6-core machine, each core is constantly switching between ~33 threads. That context-switching overhead <em>adds</em> latency — it doesn't reduce it.</p> <p>In Spring Boot with an embedded Tomcat server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># application.yml</span> <span class="na">server</span><span class="pi">:</span> <span class="na">tomcat</span><span class="pi">:</span> <span class="na">threads</span><span class="pi">:</span> <span class="na">max</span><span class="pi">:</span> <span class="m">200</span> <span class="c1"># default — fine for IO-heavy apps</span> <span class="na">min-spare</span><span class="pi">:</span> <span class="m">10</span> <span class="na">accept-count</span><span class="pi">:</span> <span class="m">100</span> <span class="c1"># queue size when all threads are busy</span> <span class="na">max-connections</span><span class="pi">:</span> <span class="m">8192</span> </code></pre> </div> <blockquote> <p>⚠️ <strong>Don't just bump <code>max</code> to 500.</strong> Profile your app first. Use tools like JVisualVM or async-profiler to see whether your threads are actually running or just waiting.</p> </blockquote> <h2> 2. 🏊 DB Connection Pool — HikariCP Done Right </h2> <p>Spring Boot ships with HikariCP as the default connection pool, and it's excellent. But "excellent" doesn't mean "correctly configured for your app." The defaults are conservative placeholders — not production settings.</p> <h3> Why connection pools matter </h3> <p>Every DB connection is expensive: it holds memory on both the app and DB side, and opening one takes time. A pool keeps a set of connections warm and ready. Too few → threads queue up waiting for a connection. Too many → you overwhelm the database.</p> <h3> The HikariCP sizing formula </h3> <p>This comes directly from the HikariCP maintainer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">pool_size</span> <span class="o">=</span> <span class="p">(</span><span class="n">core_count</span> <span class="o">*</span> <span class="mi">2</span><span class="p">)</span> <span class="o">+</span> <span class="n">effective_spindle_count</span> </code></pre> </div> <p>For a 4-core app server talking to a standard SSD-backed Postgres instance:<br> <code>pool_size = (4 * 2) + 1 = 9</code> — round up to 10.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># application.yml</span> <span class="na">spring</span><span class="pi">:</span> <span class="na">datasource</span><span class="pi">:</span> <span class="na">url</span><span class="pi">:</span> <span class="s">jdbc:postgresql://localhost:5432/mydb</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${DB_USER}</span> <span class="na">password</span><span class="pi">:</span> <span class="s">${DB_PASS}</span> <span class="na">hikari</span><span class="pi">:</span> <span class="na">maximum-pool-size</span><span class="pi">:</span> <span class="m">10</span> <span class="c1"># max active connections</span> <span class="na">minimum-idle</span><span class="pi">:</span> <span class="m">5</span> <span class="c1"># keep 5 warm at all times</span> <span class="na">idle-timeout</span><span class="pi">:</span> <span class="m">600000</span> <span class="c1"># remove idle connections after 10 min</span> <span class="na">connection-timeout</span><span class="pi">:</span> <span class="m">30000</span> <span class="c1"># fail fast if no connection in 30s</span> <span class="na">max-lifetime</span><span class="pi">:</span> <span class="m">1800000</span> <span class="c1"># recycle connections every 30 min</span> <span class="na">pool-name</span><span class="pi">:</span> <span class="s">MyAppHikariPool</span> <span class="na">auto-commit</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># let Spring manage transactions</span> </code></pre> </div> <h3> The <code>@Transactional</code> trap </h3> <p>Every <code>@Transactional</code> method holds a connection for its entire duration. This is the most common way connection pools get exhausted.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// ❌ BAD — holds a connection for the entire slow external call</span> <span class="nd">@Transactional</span> <span class="kd">public</span> <span class="nc">OrderResult</span> <span class="nf">processOrder</span><span class="o">(</span><span class="nc">OrderRequest</span> <span class="n">request</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Order</span> <span class="n">order</span> <span class="o">=</span> <span class="n">orderRepository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="k">new</span> <span class="nc">Order</span><span class="o">(</span><span class="n">request</span><span class="o">));</span> <span class="c1">// This HTTP call could take 2 seconds</span> <span class="c1">// Your DB connection is locked the entire time</span> <span class="nc">PaymentResult</span> <span class="n">payment</span> <span class="o">=</span> <span class="n">paymentGateway</span><span class="o">.</span><span class="na">charge</span><span class="o">(</span><span class="n">request</span><span class="o">.</span><span class="na">getCardToken</span><span class="o">(),</span> <span class="n">order</span><span class="o">.</span><span class="na">getTotal</span><span class="o">());</span> <span class="n">order</span><span class="o">.</span><span class="na">setStatus</span><span class="o">(</span><span class="n">payment</span><span class="o">.</span><span class="na">isSuccess</span><span class="o">()</span> <span class="o">?</span> <span class="no">CONFIRMED</span> <span class="o">:</span> <span class="no">FAILED</span><span class="o">);</span> <span class="n">orderRepository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="n">order</span><span class="o">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">OrderResult</span><span class="o">(</span><span class="n">order</span><span class="o">);</span> <span class="o">}</span> <span class="c1">// ✅ GOOD — transaction wraps only the DB work</span> <span class="kd">public</span> <span class="nc">OrderResult</span> <span class="nf">processOrder</span><span class="o">(</span><span class="nc">OrderRequest</span> <span class="n">request</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Order</span> <span class="n">order</span> <span class="o">=</span> <span class="n">createOrder</span><span class="o">(</span><span class="n">request</span><span class="o">);</span> <span class="c1">// short transaction</span> <span class="nc">PaymentResult</span> <span class="n">payment</span> <span class="o">=</span> <span class="n">paymentGateway</span><span class="o">.</span><span class="na">charge</span><span class="o">(</span> <span class="c1">// outside transaction</span> <span class="n">request</span><span class="o">.</span><span class="na">getCardToken</span><span class="o">(),</span> <span class="n">order</span><span class="o">.</span><span class="na">getTotal</span><span class="o">()</span> <span class="o">);</span> <span class="k">return</span> <span class="nf">finalizeOrder</span><span class="o">(</span><span class="n">order</span><span class="o">.</span><span class="na">getId</span><span class="o">(),</span> <span class="n">payment</span><span class="o">);</span> <span class="c1">// short transaction</span> <span class="o">}</span> <span class="nd">@Transactional</span> <span class="kd">private</span> <span class="nc">Order</span> <span class="nf">createOrder</span><span class="o">(</span><span class="nc">OrderRequest</span> <span class="n">request</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="n">orderRepository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="k">new</span> <span class="nc">Order</span><span class="o">(</span><span class="n">request</span><span class="o">));</span> <span class="o">}</span> <span class="nd">@Transactional</span> <span class="kd">private</span> <span class="nc">OrderResult</span> <span class="nf">finalizeOrder</span><span class="o">(</span><span class="nc">Long</span> <span class="n">orderId</span><span class="o">,</span> <span class="nc">PaymentResult</span> <span class="n">payment</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Order</span> <span class="n">order</span> <span class="o">=</span> <span class="n">orderRepository</span><span class="o">.</span><span class="na">findById</span><span class="o">(</span><span class="n">orderId</span><span class="o">).</span><span class="na">orElseThrow</span><span class="o">();</span> <span class="n">order</span><span class="o">.</span><span class="na">setStatus</span><span class="o">(</span><span class="n">payment</span><span class="o">.</span><span class="na">isSuccess</span><span class="o">()</span> <span class="o">?</span> <span class="no">CONFIRMED</span> <span class="o">:</span> <span class="no">FAILED</span><span class="o">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">OrderResult</span><span class="o">(</span><span class="n">orderRepository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="n">order</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <h2> 3. 🔍 The N+1 Query Problem </h2> <p>If you've ever looked at your logs and seen 100+ queries firing for what should be a single list fetch — you've hit N+1. It's silent, it's common, and it absolutely destroys performance at scale.</p> <h3> What causes it </h3> <p>When JPA lazily loads associations, it fires one query to get N parent records, then one query per parent to fetch the child. N parents = N+1 total queries.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Entity setup</span> <span class="nd">@Entity</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Order</span> <span class="o">{</span> <span class="nd">@OneToMany</span><span class="o">(</span><span class="n">fetch</span> <span class="o">=</span> <span class="nc">FetchType</span><span class="o">.</span><span class="na">LAZY</span><span class="o">)</span> <span class="c1">// default — lazy</span> <span class="kd">private</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">OrderItem</span><span class="o">&gt;</span> <span class="n">items</span><span class="o">;</span> <span class="o">}</span> <span class="c1">// This looks innocent...</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Order</span><span class="o">&gt;</span> <span class="n">orders</span> <span class="o">=</span> <span class="n">orderRepository</span><span class="o">.</span><span class="na">findAll</span><span class="o">();</span> <span class="c1">// 1 query</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Order</span> <span class="n">order</span> <span class="o">:</span> <span class="n">orders</span><span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">order</span><span class="o">.</span><span class="na">getItems</span><span class="o">().</span><span class="na">size</span><span class="o">());</span> <span class="c1">// N queries — one per order</span> <span class="o">}</span> <span class="c1">// If orders has 100 rows: 1 + 100 = 101 queries. Ouch.</span> </code></pre> </div> <h3> Fix 1: <code>@EntityGraph</code> — declarative and clean </h3> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Repository</span> <span class="kd">public</span> <span class="kd">interface</span> <span class="nc">OrderRepository</span> <span class="kd">extends</span> <span class="nc">JpaRepository</span><span class="o">&lt;</span><span class="nc">Order</span><span class="o">,</span> <span class="nc">Long</span><span class="o">&gt;</span> <span class="o">{</span> <span class="nd">@EntityGraph</span><span class="o">(</span><span class="n">attributePaths</span> <span class="o">=</span> <span class="o">{</span><span class="s">"items"</span><span class="o">,</span> <span class="s">"items.product"</span><span class="o">})</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Order</span><span class="o">&gt;</span> <span class="nf">findAllWithItems</span><span class="o">();</span> <span class="nd">@EntityGraph</span><span class="o">(</span><span class="n">attributePaths</span> <span class="o">=</span> <span class="o">{</span><span class="s">"items"</span><span class="o">})</span> <span class="nc">Optional</span><span class="o">&lt;</span><span class="nc">Order</span><span class="o">&gt;</span> <span class="nf">findWithItemsById</span><span class="o">(</span><span class="nc">Long</span> <span class="n">id</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <h3> Fix 2: JOIN FETCH in JPQL — for custom queries </h3> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Query</span><span class="o">(</span><span class="s">"SELECT DISTINCT o FROM Order o "</span> <span class="o">+</span> <span class="s">"LEFT JOIN FETCH o.items i "</span> <span class="o">+</span> <span class="s">"LEFT JOIN FETCH i.product "</span> <span class="o">+</span> <span class="s">"WHERE o.status = :status"</span><span class="o">)</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Order</span><span class="o">&gt;</span> <span class="nf">findByStatusWithItems</span><span class="o">(</span><span class="nd">@Param</span><span class="o">(</span><span class="s">"status"</span><span class="o">)</span> <span class="nc">OrderStatus</span> <span class="n">status</span><span class="o">);</span> </code></pre> </div> <h3> Fix 3: Batch fetching (when JOIN FETCH causes cartesian products) </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># application.yml</span> <span class="na">spring</span><span class="pi">:</span> <span class="na">jpa</span><span class="pi">:</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">hibernate</span><span class="pi">:</span> <span class="na">default_batch_fetch_size</span><span class="pi">:</span> <span class="m">100</span> <span class="c1"># batch N lazy loads into one IN() query</span> </code></pre> </div> <blockquote> <p>💡 <strong>Enable SQL logging in dev</strong> to catch N+1 early — before it hits production:</p> <pre class="highlight yaml"><code><span class="na">spring</span><span class="pi">:</span> <span class="na">jpa</span><span class="pi">:</span> <span class="na">show-sql</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">hibernate</span><span class="pi">:</span> <span class="na">format_sql</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">logging</span><span class="pi">:</span> <span class="na">level</span><span class="pi">:</span> <span class="na">org.hibernate.SQL</span><span class="pi">:</span> <span class="s">DEBUG</span> <span class="na">org.hibernate.type.descriptor.sql</span><span class="pi">:</span> <span class="s">TRACE</span> </code></pre> </blockquote> <h2> 4. 📦 Response Payload Size — Serialize Less, Go Faster </h2> <p>Serialization and deserialization are not free. Every null field you send gets serialized by the server, transmitted over the wire, and deserialized on the client — for nothing.</p> <p>This compounds fast: 1000 requests/second × 20 unnecessary null fields = measurable CPU and bandwidth overhead.</p> <h3> Exclude nulls globally </h3> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Apply to your DTO base class or globally</span> <span class="nd">@JsonInclude</span><span class="o">(</span><span class="nc">JsonInclude</span><span class="o">.</span><span class="na">Include</span><span class="o">.</span><span class="na">NON_NULL</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ApiResponse</span><span class="o">&lt;</span><span class="no">T</span><span class="o">&gt;</span> <span class="o">{</span> <span class="kd">private</span> <span class="no">T</span> <span class="n">data</span><span class="o">;</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">message</span><span class="o">;</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">errorCode</span><span class="o">;</span> <span class="c1">// null in success cases — won't be serialized</span> <span class="kd">private</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">errors</span><span class="o">;</span> <span class="c1">// null in success cases — won't be serialized</span> <span class="o">}</span> </code></pre> </div> <p>Or globally via config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># application.yml</span> <span class="na">spring</span><span class="pi">:</span> <span class="na">jackson</span><span class="pi">:</span> <span class="na">default-property-inclusion</span><span class="pi">:</span> <span class="s">non_null</span> <span class="na">serialization</span><span class="pi">:</span> <span class="na">write-dates-as-timestamps</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <h3> Use DTOs — never return entities directly </h3> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// ❌ BAD — sends the whole entity including sensitive fields</span> <span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/users/{id}"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">User</span> <span class="nf">getUser</span><span class="o">(</span><span class="nd">@PathVariable</span> <span class="nc">Long</span> <span class="n">id</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findById</span><span class="o">(</span><span class="n">id</span><span class="o">).</span><span class="na">orElseThrow</span><span class="o">();</span> <span class="o">}</span> <span class="c1">// ✅ GOOD — return only what the client needs</span> <span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/users/{id}"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">UserSummaryDTO</span> <span class="nf">getUser</span><span class="o">(</span><span class="nd">@PathVariable</span> <span class="nc">Long</span> <span class="n">id</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findById</span><span class="o">(</span><span class="n">id</span><span class="o">)</span> <span class="o">.</span><span class="na">map</span><span class="o">(</span><span class="nl">UserSummaryDTO:</span><span class="o">:</span><span class="n">from</span><span class="o">)</span> <span class="o">.</span><span class="na">orElseThrow</span><span class="o">(()</span> <span class="o">-&gt;</span> <span class="k">new</span> <span class="nc">ResourceNotFoundException</span><span class="o">(</span><span class="s">"User not found"</span><span class="o">));</span> <span class="o">}</span> <span class="c1">// The DTO</span> <span class="kd">public</span> <span class="n">record</span> <span class="nf">UserSummaryDTO</span><span class="o">(</span><span class="nc">Long</span> <span class="n">id</span><span class="o">,</span> <span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nc">String</span> <span class="n">email</span><span class="o">)</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="nc">UserSummaryDTO</span> <span class="nf">from</span><span class="o">(</span><span class="nc">User</span> <span class="n">user</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">UserSummaryDTO</span><span class="o">(</span><span class="n">user</span><span class="o">.</span><span class="na">getId</span><span class="o">(),</span> <span class="n">user</span><span class="o">.</span><span class="na">getUsername</span><span class="o">(),</span> <span class="n">user</span><span class="o">.</span><span class="na">getEmail</span><span class="o">());</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h3> Projection queries — skip the entity entirely for reads </h3> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Interface-based projection — JPA only selects these two columns</span> <span class="kd">public</span> <span class="kd">interface</span> <span class="nc">UserSummary</span> <span class="o">{</span> <span class="nc">Long</span> <span class="nf">getId</span><span class="o">();</span> <span class="nc">String</span> <span class="nf">getUsername</span><span class="o">();</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">interface</span> <span class="nc">UserRepository</span> <span class="kd">extends</span> <span class="nc">JpaRepository</span><span class="o">&lt;</span><span class="nc">User</span><span class="o">,</span> <span class="nc">Long</span><span class="o">&gt;</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">UserSummary</span><span class="o">&gt;</span> <span class="nf">findAllProjectedBy</span><span class="o">();</span> <span class="o">}</span> </code></pre> </div> <h2> 5. ⚡ Event-Driven Architecture with Kafka — Decouple or Die </h2> <p>As your system grows, REST calls between services become a liability. One slow service stalls the caller. One down service causes cascades. Every consumer adds coupling.</p> <p><strong>Kafka flips this model:</strong> producers don't care who consumes. Consumers don't block the producer.</p> <h3> The snapshot pattern — stop making REST calls for validation </h3> <p>Classic problem: <code>Order Service</code> needs to validate that an inventory item exists before placing an order. Naive solution: REST call to <code>Inventory Service</code> on every order.</p> <p><strong>Better:</strong> Inventory Service publishes events. Order Service consumes them and keeps a local snapshot.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Inventory Service — publish event when inventory is created/updated</span> <span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">InventoryService</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">KafkaTemplate</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">InventoryEvent</span><span class="o">&gt;</span> <span class="n">kafkaTemplate</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">Inventory</span> <span class="nf">createInventory</span><span class="o">(</span><span class="nc">CreateInventoryRequest</span> <span class="n">request</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Inventory</span> <span class="n">inventory</span> <span class="o">=</span> <span class="n">inventoryRepository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="k">new</span> <span class="nc">Inventory</span><span class="o">(</span><span class="n">request</span><span class="o">));</span> <span class="n">kafkaTemplate</span><span class="o">.</span><span class="na">send</span><span class="o">(</span><span class="s">"inventory.events"</span><span class="o">,</span> <span class="n">inventory</span><span class="o">.</span><span class="na">getSku</span><span class="o">(),</span> <span class="k">new</span> <span class="nf">InventoryEvent</span><span class="o">(</span> <span class="n">inventory</span><span class="o">.</span><span class="na">getId</span><span class="o">(),</span> <span class="n">inventory</span><span class="o">.</span><span class="na">getSku</span><span class="o">(),</span> <span class="n">inventory</span><span class="o">.</span><span class="na">getQuantity</span><span class="o">(),</span> <span class="nc">EventType</span><span class="o">.</span><span class="na">CREATED</span> <span class="o">)</span> <span class="o">);</span> <span class="k">return</span> <span class="n">inventory</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Order Service — consume and snapshot</span> <span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">InventorySnapshotConsumer</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">InventorySnapshotRepository</span> <span class="n">snapshotRepo</span><span class="o">;</span> <span class="nd">@KafkaListener</span><span class="o">(</span><span class="n">topics</span> <span class="o">=</span> <span class="s">"inventory.events"</span><span class="o">,</span> <span class="n">groupId</span> <span class="o">=</span> <span class="s">"order-service"</span><span class="o">)</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">onInventoryEvent</span><span class="o">(</span><span class="nc">InventoryEvent</span> <span class="n">event</span><span class="o">)</span> <span class="o">{</span> <span class="nc">InventorySnapshot</span> <span class="n">snapshot</span> <span class="o">=</span> <span class="n">snapshotRepo</span> <span class="o">.</span><span class="na">findBySku</span><span class="o">(</span><span class="n">event</span><span class="o">.</span><span class="na">getSku</span><span class="o">())</span> <span class="o">.</span><span class="na">orElse</span><span class="o">(</span><span class="k">new</span> <span class="nc">InventorySnapshot</span><span class="o">());</span> <span class="n">snapshot</span><span class="o">.</span><span class="na">setSku</span><span class="o">(</span><span class="n">event</span><span class="o">.</span><span class="na">getSku</span><span class="o">());</span> <span class="n">snapshot</span><span class="o">.</span><span class="na">setAvailableQuantity</span><span class="o">(</span><span class="n">event</span><span class="o">.</span><span class="na">getQuantity</span><span class="o">());</span> <span class="n">snapshot</span><span class="o">.</span><span class="na">setLastUpdated</span><span class="o">(</span><span class="nc">Instant</span><span class="o">.</span><span class="na">now</span><span class="o">());</span> <span class="n">snapshotRepo</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="n">snapshot</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="c1">// Now validation is just a local DB lookup — no REST call</span> <span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">OrderService</span> <span class="o">{</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">validateInventory</span><span class="o">(</span><span class="nc">String</span> <span class="n">sku</span><span class="o">,</span> <span class="kt">int</span> <span class="n">quantity</span><span class="o">)</span> <span class="o">{</span> <span class="nc">InventorySnapshot</span> <span class="n">snapshot</span> <span class="o">=</span> <span class="n">snapshotRepo</span><span class="o">.</span><span class="na">findBySku</span><span class="o">(</span><span class="n">sku</span><span class="o">)</span> <span class="o">.</span><span class="na">orElseThrow</span><span class="o">(()</span> <span class="o">-&gt;</span> <span class="k">new</span> <span class="nc">InventoryNotFoundException</span><span class="o">(</span><span class="n">sku</span><span class="o">));</span> <span class="k">if</span> <span class="o">(</span><span class="n">snapshot</span><span class="o">.</span><span class="na">getAvailableQuantity</span><span class="o">()</span> <span class="o">&lt;</span> <span class="n">quantity</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">InsufficientInventoryException</span><span class="o">(</span><span class="n">sku</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <blockquote> <p>⚠️ <strong>Trade-off:</strong> Events give you eventual consistency. If the snapshot hasn't caught up yet, validation may pass on stale data. Design your system to handle this — use idempotent consumers, compensating transactions, or re-validation at fulfillment time.</p> </blockquote> <h2> 6. 🏗️ Know How to Architect — AI Doesn't Know Your Requirements </h2> <p>This one isn't a config snippet. It's the meta-skill.</p> <p>AI can generate a microservice scaffold in seconds. It cannot answer:</p> <ul> <li><em>"Should this be a separate service or stay in the monolith?"</em></li> <li><em>"Will this DB schema survive 10x traffic?"</em></li> <li><em>"Is this the right consistency model for this transaction?"</em></li> </ul> <p>These require <strong>you</strong> to understand the system you're building.</p> <h3> The questions you should be asking </h3> <p><strong>Before designing a service:</strong></p> <ul> <li>What's the expected read/write ratio?</li> <li>What's the consistency requirement? Can we tolerate stale data for 500ms?</li> <li>What fails if this service goes down? Who's the caller? Can they retry?</li> </ul> <p><strong>Before adding a database:</strong></p> <ul> <li>Is this data relational or document-shaped?</li> <li>What are the query patterns? Point lookups, range scans, aggregations?</li> <li>Do we need ACID guarantees, or is BASE acceptable?</li> </ul> <p><strong>Before scaling horizontally:</strong></p> <ul> <li>What's the actual bottleneck? CPU? DB? Network? Memory?</li> <li>Is state being stored in-process? (That's a problem when you add instances.)</li> <li>Can we cache this instead of scaling?</li> </ul> <h3> Use AI right </h3> <p>AI is a force multiplier when you're in the driver's seat:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Good use of AI</span> "Here's my schema and access patterns. Write me a JPA repository with an EntityGraph for this use case." <span class="gh"># Bad use of AI</span> "Build me a scalable microservice for inventory management." <span class="gh"># You'll get something that looks right but may be completely wrong for your needs.</span> </code></pre> </div> <p>The engineers who thrive in the AI era aren't the best prompt writers. They're the ones who can <strong>review, challenge, and take ownership</strong> of what AI produces.</p> <h2> Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>#</th> <th>Concept</th> <th>Key Takeaway</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>Thread Pool</td> <td>Size to your workload type — CPU-bound ≠ IO-bound</td> </tr> <tr> <td>2</td> <td>HikariCP</td> <td>Configure pool size explicitly; keep transactions short</td> </tr> <tr> <td>3</td> <td>N+1 Queries</td> <td>Use <code>@EntityGraph</code> or JOIN FETCH; log SQL in dev</td> </tr> <tr> <td>4</td> <td>Payload Size</td> <td>Exclude nulls; use DTOs and projections</td> </tr> <tr> <td>5</td> <td>Kafka Events</td> <td>Snapshot remote data locally; remove synchronous coupling</td> </tr> <tr> <td>6</td> <td>Architecture</td> <td>Own your design decisions — AI doesn't know your constraints</td> </tr> </tbody> </table></div> <p><em>If you're working with Java and Spring Boot and want to go deeper on any of these topics, drop a comment. Happy to do a follow-up on any specific area — Kafka exactly-once semantics, HikariCP tuning for read replicas, or virtual threads in Java 21 are all on the list.</em></p> <p><em>#java #springboot #backend #softwaredevelopment #architecture</em></p> java springboot backend architecture Aayush Ghimire Tue, 27 Jan 2026 10:30:15 +0000 https://forem.com/aayushghimirey/why-postgresql-rls-is-hard-in-spring-boot-and-how-i-simplified-it-4124 https://forem.com/aayushghimirey/why-postgresql-rls-is-hard-in-spring-boot-and-how-i-simplified-it-4124 <h2> Startup-time validation in action </h2> <p>When PostgreSQL RLS configuration is missing or incorrect, the application <strong>fails at startup</strong> instead of failing later at runtime.</p> <p>This prevents silent security assumptions and production-time surprises.</p> <h3> Example: RLS policy validation failure </h3> <p>Below is an example of what happens when a required RLS policy is missing or misconfigured:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnw8t5aaoch8gx2g71ku9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnw8t5aaoch8gx2g71ku9.png" alt="Application fails during startup due to missing RLS policy" width="800" height="281"></a></p> <p>At startup, the library validates:</p> <ul> <li>Whether the table exists</li> <li>Whether RLS is enabled on the table</li> <li>Whether the required policy exists</li> <li>Whether required session variables are configured</li> </ul> <p>If any of these checks fail, the application <strong>does not start</strong> and provides a clear failure message.</p> <h2> Before we dive in, let’s be clear </h2> <p>This library <strong>does not manage database DDL</strong>.</p> <ul> <li>It does <strong>not</strong> create tables, policies, or RLS rules </li> <li>It does <strong>not</strong> require superuser or elevated database roles </li> <li>It only <strong>validates</strong> that the database security setup matches what the application expects </li> </ul> <p>RLS policies and table configuration should be managed using standard database migration tools such as <strong>Flyway</strong> or <strong>Liquibase</strong>.<br><br> This is the <strong>recommended and preferred approach</strong>.</p> <h2> How startup validation works </h2> <p>RLS expectations are defined using annotations in JPA entities and configuration.</p> <p>At application startup:</p> <ol> <li>The configuration is read</li> <li>The database state is inspected</li> <li>Validation errors are reported immediately</li> <li>If everything is valid, the application starts successfully</li> </ol> <p>This ensures RLS issues are caught <strong>early</strong>, not under production load.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhefrowmn8939ywi5776u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhefrowmn8939ywi5776u.png" alt="Startup validation flow" width="691" height="157"></a></p> <h2> Binding the RLS session context </h2> <p>Session variables required by RLS policies are bound <strong>per transaction</strong>.</p> <p>There are <strong>two supported ways</strong> to bind the session context:</p> <h3> 1️⃣ Annotation-based binding (recommended) </h3> <p>Bind session variables directly on <code>@Transactional</code> method parameters.</p> <h3> 2️⃣ Programmatic binding </h3> <p>Bind session variables manually using a provided context API.</p> <p>Both approaches use <strong>transaction-scoped <code>set_config(..., true)</code></strong>, ensuring variables are automatically cleared after commit or rollback.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5vih24zbsqyt3a1yk15i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5vih24zbsqyt3a1yk15i.png" alt="RLS session binding options" width="717" height="170"></a></p> <h2> Getting started </h2> <p>The project is available on <strong>Maven Central</strong>:</p> <p><code>io.github.aayushghimirey:jpa-postgres-rls:2.0.1</code></p> <p>🔗 Maven Central<br><br> <a href="https://mvnrepository.com/artifact/io.github.aayushghimirey/jpa-postgres-rls/2.0.1" rel="noopener noreferrer">https://mvnrepository.com/artifact/io.github.aayushghimirey/jpa-postgres-rls/2.0.1</a></p> <p>🔗 GitHub repository<br><br> <a href="https://github.com/aayushghimirey/jpa-postgres-rls" rel="noopener noreferrer">https://github.com/aayushghimirey/jpa-postgres-rls</a></p> postgres springboot opensource jpa Aayush Ghimire Sun, 25 Jan 2026 10:47:20 +0000 https://forem.com/aayushghimirey/simplifying-postgresql-rls-in-jpa-with-jpa-postgres-rls-1607 https://forem.com/aayushghimirey/simplifying-postgresql-rls-in-jpa-with-jpa-postgres-rls-1607 <p>Bringing PostgreSQL Row-Level Security to JPA<br> I’ve been working on a lightweight Spring Boot library to simplify data isolation. JPA Postgres RLS automates PostgreSQL Row-Level Security (RLS) binding for JPA entities.<br> The challenge: keeping the application context and the database session in sync.<br> JPA Postgres RLS solves this by:<br> Validating RLS rules at application startup<br> Using Spring AOP to bind session variables via custom annotations<br> Ensuring type-safe mapping from Java objects to SQL session settings<br> Key features:<br> Automatic @RlsSession binding<br> Fail-fast startup validation for missing policies or variables<br> Transaction-scoped session variables<br> Built with Java 21 and Spring Boot 3.4, this library is ideal for multi-tenant SaaS applications. I’d love your feedback and contributions!</p> <p>Why I made this:<br> While working with PostgreSQL RLS, I often forgot to create policies or enable row-level security. Simple mistakes like these or mismatched session variable names, could break an app at runtime. There was no way to catch these issues automatically, and no one would notice until something suddenly failed.</p> <p>So, I decided to build a core library with startup validation and automatic session binding. The project grew as I added more ideas, and I made it open-source so others facing the same challenges can benefit.</p> <p>Lessons from version 1:</p> <p>Initially, I tried automatic policy creation and RLS enabling, but working with DDL proved error-prone. For version 2, I focused on validation and auto-filling session variables instead.</p> <p>Check out the code: <a href="https://github.com/aayushghimirey/jpa-postgres-rls.git" rel="noopener noreferrer">https://github.com/aayushghimirey/jpa-postgres-rls.git</a></p> java postgres showdev springboot