Step 1 — What is a backend?
25 min
If the frontend is the visible half, the backend handles data, logic, and auth — the invisible half.
1. Four jobs
- Store / query data — users, posts, logs in the DB
- Business rules — "lock after 5 failed logins" kind of judgment
- Authentication / authorization — who you are + what you can do
- External integrations — payments, notifications, email
2. Flow of one request
```
Browser
  └─ 1. POST /api/posts (HTTPS)
        ↓
Spring Controller (DTO validation)
        ↓
Service (business rules, tx)
        ↓
Repository (DB query)
        ↓
PostgreSQL → row
        ↑
Browser ← 2. 201 Created (JSON)
```
Five layers; each keeps its responsibility.
3. Controller · Service · Repository
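```java
// PostController.java: HTTP layer, validates the DTO and delegates to the service
@RestController
@RequestMapping("/api/posts")
public class PostController {
    private final PostService postService;

    // Constructor injection (required because the field is final)
    public PostController(PostService postService) {
        this.postService = postService;
    }

    @PostMapping
    public ResponseEntity<PostDto> create(@Valid @RequestBody CreatePostRequest req) {
        return ResponseEntity.status(201).body(postService.create(req));
    }
}

// PostService.java: business rules, executed inside a transaction
@Service
@Transactional
public class PostService {
    private final PostRepository postRepo;

    public PostService(PostRepository postRepo) {
        this.postRepo = postRepo;
    }

    public PostDto create(CreatePostRequest req) {
        if (req.getTitle().length() > 100) {
            throw new ValidationException("title must be at most 100 characters");
        }
        return PostDto.from(postRepo.save(Post.from(req)));
    }
}

// PostRepository.java: Spring Data derives the query from the method name
public interface PostRepository extends JpaRepository<Post, Long> {
    List<Post> findByUserIdOrderByCreatedAtDesc(Long userId);
}
```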
Rule: Controller → Service → Repository. Never reverse.
4. Why Java 21 + Spring Boot 4
- Java 21 — virtual threads · records · pattern matching
- Spring Boot 4 — dep management, autoconfig, embedded servers
- Ecosystem — Security · Data JPA · Cloud · Batch · WebFlux
5. Alternatives
| Stack | Feel | Typical use |
|---|---|---|
| Spring Boot 4 | robust, enterprise | finance · commerce |
| FastAPI (Python) | light, data-first | startups · AI |
| Express / NestJS | same language as frontend | realtime |
| Go (Gin / Fiber) | performance · simplicity | cloud infra · payments |
| Rust (Axum / Actix) | safety · top perf | high-performance systems |
Spring still dominates Korean enterprise.
6. HTTP status codes
| Code | Meaning | Usage |
|---|---|---|
| 200 | OK | generic success |
| 201 | Created | resource created |
| 204 | No Content | delete success |
| 400 | Bad Request | malformed request |
| 401 | Unauthorized | not authenticated |
| 403 | Forbidden | no permission |
| 404 | Not Found | missing resource |
| 409 | Conflict | duplicate / race |
| 422 | Unprocessable Entity | validation failure |
| 500 | Internal Server Error | server-side error |
7. AuthN vs AuthZ
- Authentication — who are you? (login, JWT, session cookie)
- Authorization — what can you do? (roles, ownership checks)
Logged-in ≠ allowed to delete others' posts.
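
The difference between the two checks, as an added example that is not part of the original page: plain Java 21 without Spring, so it runs on its own with `java OwnershipCheckDemo.java`. The `Post` and `Caller` records, the in-memory map standing in for `PostRepository`, and the method names are assumptions made for illustration; the returned numbers are the status codes from the table in section 6.

```java
import java.util.HashMap;
import java.util.Map;

public class OwnershipCheckDemo {
    // Constructed types (assumptions): a post that records its owner, and the authenticated caller.
    record Post(long id, long userId, String title) {}
    record Caller(long userId, boolean admin) {}

    // In-memory stand-in for PostRepository.
    static final Map<Long, Post> posts = new HashMap<>();

    // Authentication only: any logged-in caller can delete any post.
    static int deleteAuthnOnly(Caller caller, long postId) {
        if (caller == null) return 401;                 // not authenticated
        return posts.remove(postId) != null ? 204 : 404;
    }

    // Authentication, then existence, then authorization (owner or admin role).
    static int delete(Caller caller, long postId) {
        if (caller == null) return 401;                 // not authenticated
        Post post = posts.get(postId);
        if (post == null) return 404;                   // missing resource
        boolean owner = post.userId() == caller.userId();
        if (!owner && !caller.admin()) return 403;      // logged in, but no permission
        posts.remove(postId);
        return 204;                                     // delete success
    }

    // Constructed sample data: two posts owned by user 1.
    static void seed() {
        posts.clear();
        posts.put(10L, new Post(10, 1, "alice's first post"));
        posts.put(11L, new Post(11, 1, "alice's second post"));
    }

    public static void main(String[] args) {
        Caller alice = new Caller(1, false), bob = new Caller(2, false), admin = new Caller(9, true);

        seed();
        System.out.println("authn only, bob deletes alice's post: " + deleteAuthnOnly(bob, 10));

        seed();
        System.out.println("anonymous:          " + delete(null, 10));
        System.out.println("bob (not owner):    " + delete(bob, 10));
        System.out.println("alice (owner):      " + delete(alice, 10));
        System.out.println("alice, again:       " + delete(alice, 10));
        System.out.println("admin (role-based): " + delete(admin, 11));
    }
}
```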
8. Why PostgreSQL
- Open source, enterprise-supported
- ACID transactions
- Standards compliance + extensions (pgvector, PostGIS, TimescaleDB)
- JSONB / arrays / full-text search
9. API shapes
| Shape | Feel | When |
|---|---|---|
| REST | resource + HTTP methods | most cases |
| GraphQL | client-selected fields | many frontends · network trim |
| gRPC | protobuf · HTTP/2 | service-to-service |
Start with REST.
10. Logging
```java
private static final Logger log = LoggerFactory.getLogger(PostController.class);

log.info("created post userId={}", userId);
log.warn("rate limit hit ip={}", ip);
log.error("payment failed", exception);
```
SLF4J + Logback is the standard. Avoid System.out.println.
11. Gotchas
- Business logic in Controller → move to Service
- Returning Entity instead of DTO → API tied to schema
- Missing `@Transactional` on multi-query flows
- Logging secrets (passwords, tokens, national IDs)
12. Learning order
- Java 21 basics (records, switch patterns)
- `@SpringBootApplication` scaffolding
- Controller / Service / Repository practice
- H2 or PostgreSQL hookup
- DTO / validation / error handling
- JWT auth
- Tests (MockMvc, Testcontainers)
- Deployment (Docker)
Next
Step 2 — your first real Spring Boot project.