Spring Boot 4.x Project Verification
Analyzes Spring Boot projects for dependency compatibility, configuration correctness, and migration readiness.
Verification Workflow
- Detect Build System → Find pom.xml or build.gradle, extract Spring Boot version
- Analyze Dependencies → Check versions, find deprecated libraries, validate compatibility
- Validate Configuration → Check application.yml/properties, security config, actuator settings
- Generate Report → Structured markdown with severity levels and remediation code
- Lookup Docs → Use Exa MCP to fetch latest Spring Boot 4.x documentation when needed
Dependency Quick Reference
| Check | Severity | Action |
|---|---|---|
| Spring Boot version < 4.0 | CRITICAL | Upgrade to 4.0.x |
Jackson 2.x (com.fasterxml) |
CRITICAL | Migrate to Jackson 3 (tools.jackson) |
javax.* imports |
CRITICAL | Migrate to jakarta.* namespace |
@MockBean in tests |
ERROR | Replace with @MockitoBean |
| Undertow server | ERROR | Switch to Tomcat or Jetty |
| Java version < 17 | ERROR | Minimum Java 17 required |
| Gradle version < 8.14 | ERROR | Upgrade Gradle (required for Kotlin 2.2/Boot 4) |
spring-boot-starter-web |
WARNING | Use spring-boot-starter-webmvc |
| Missing Virtual Threads | INFO | Enable with spring.threads.virtual.enabled=true |
Configuration Quick Reference
| Check | Severity | Action |
|---|---|---|
Security and() chaining |
CRITICAL | Convert to Lambda DSL closures |
antMatchers() usage |
ERROR | Replace with requestMatchers() |
authorizeRequests() |
ERROR | Replace with authorizeHttpRequests() |
| All actuator endpoints exposed | WARNING | Limit to health, info, metrics |
| 100% trace sampling | WARNING | Use 10% in production |
Jakarta Namespace Migration
Critical for Spring Boot 3+: All javax.* packages must migrate to jakarta.*:
| Old Package | New Package |
|---|---|
javax.persistence.* |
jakarta.persistence.* |
javax.servlet.* |
jakarta.servlet.* |
javax.validation.* |
jakarta.validation.* |
javax.inject.* |
jakarta.inject.* |
javax.annotation.* |
jakarta.annotation.* |
Use Grep to find: import\s+javax\.
Spring Boot 4 New Features
| Feature | Configuration | Benefit |
|---|---|---|
| Virtual Threads | spring.threads.virtual.enabled=true |
High concurrency without WebFlux |
| JSpecify Null-Safety | Add @NullMarked to package-info |
Framework-wide null contracts |
| AOT Compilation | Enabled by default | Faster startup times |
JSpecify Annotations
Spring Framework 7 uses JSpecify for null-safety:
@NullMarked // Package or class level - all parameters/returns non-null by default
package com.example.myapp;
import org.jspecify.annotations.Nullable;
public class UserService {
// @Nullable for parameters/returns that can be null
public @Nullable User findById(Long id) { ... }
}
Tools to Use
- Glob → Find
**/pom.xml,**/build.gradle*,**/application.{yml,properties} - Grep → Search for deprecated patterns (
@MockBean,com.fasterxml,.and(),import javax.) - Read → Inspect build files and configuration
- Exa MCP → Fetch latest Spring Boot 4.x docs:
mcp__exa__web_search_exa
Output Format
Generate verification reports with this structure:
## Spring Boot 4.x Verification Report
### Summary
- **Project**: {name}
- **Boot Version**: {detected version}
- **Issues Found**: {n} Critical, {n} Errors, {n} Warnings
### Critical Issues / Errors / Warnings
[Issue details with code remediation]
Detailed References
- Workflow: See WORKFLOW.md for step-by-step verification process
- Migration Guide: See MIGRATION_GUIDE.md for step-by-step migration from Boot 3.x to 4.0 (also referenced from WORKFLOW.md)
- Examples: See EXAMPLES.md for sample verification outputs
- Troubleshooting: See TROUBLESHOOTING.md for detection issues
- Dependencies: See references/DEPENDENCIES.md for complete version matrix
- Configuration: See references/CONFIGURATION.md for validation rules
Critical Reminders
- Check Spring Boot version first — Many issues are version-specific
- Jakarta namespace migration —
javax.*tojakarta.*(required for Boot 3+) - Jackson 3 namespace change —
com.fasterxml.jacksontotools.jackson - Security 7 Lambda DSL —
and()method removed, closures required - Testing annotations changed —
@MockBeanto@MockitoBean - Virtual Threads — Enable with
spring.threads.virtual.enabled=truefor Java 21+ - Gradle 8.14+ — Required for Kotlin 2.2 and Spring Boot 4 support
- Use official docs — https://docs.spring.io/spring-boot/documentation.html
Related Skills
spring-boot-security— Deep security configuration verificationspring-boot-testing— Testing patterns and coverage analysisspring-boot-observability— Actuator, metrics, and tracing setupspring-boot-modulith— Module structure verificationdomain-driven-design— DDD architecture patterns