Bird
Raised Fist0
Spring Bootframework~3 mins

Why Response DTO for output in Spring Boot? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

Discover how a simple object can protect your app and make your code shine!

The Scenario

Imagine building a web app where you manually pick and send data from your database to users, writing code to extract each field every time.

The Problem

Manually selecting and formatting data for every response is slow, repetitive, and easy to make mistakes like exposing sensitive info or missing fields.

The Solution

Response DTOs let you define exactly what data to send back in a simple object, making your code cleaner, safer, and easier to maintain.

Before vs After
Before
User user = userRepository.findById(id).orElse(null); return user; // sends all fields including password
After
UserResponseDto dto = new UserResponseDto(user.getName(), user.getEmail()); return dto; // sends only needed fields
What It Enables

It enables clear, secure, and efficient data responses tailored to what your users really need.

Real Life Example

When showing a user profile, you only send their name and email, not their password or internal IDs, keeping data safe and clean.

Key Takeaways

Manual data sending is error-prone and risky.

Response DTOs define clear output structures.

They improve security, clarity, and maintenance.

Practice

(1/5)
1. What is the main purpose of using a Response DTO in a Spring Boot application?
easy
A. To handle incoming HTTP requests
B. To define the exact data structure sent back to the client
C. To store data in the database
D. To configure application properties

Solution

  1. Step 1: Understand the role of Response DTO

    A Response DTO is used to shape the data sent back to the client, controlling what fields are exposed.

  2. Step 2: Differentiate from other components

    It is not used for storing data or handling requests, but specifically for output formatting.

  3. Final Answer:

    To define the exact data structure sent back to the client -> Option B

  4. Quick Check:

    Response DTO = Output data structure [OK]
Hint: Response DTO controls output data format [OK]
Common Mistakes:
  • Confusing Response DTO with entity or request DTO
  • Thinking Response DTO handles input data
  • Assuming Response DTO manages database operations
2. Which of the following is the correct way to define a simple Response DTO class in Spring Boot?
easy
A. public record UserResponse(String name) {}
B. public class UserResponse { private String name; public String getName() { return name; } }
C. public enum UserResponse { NAME; }
D. public interface UserResponse { String name; }

Solution

  1. Step 1: Identify valid Java class for DTO

    Spring Boot supports Java records as concise DTOs with immutable fields and automatic getters.

  2. Step 2: Check syntax correctness

    public record UserResponse(String name) {} uses a record with a field and no boilerplate code, which is modern and valid.

  3. Final Answer:

    public record UserResponse(String name) {} -> Option A

  4. Quick Check:

    Use record for simple immutable DTO [OK]
Hint: Use Java record for simple DTOs [OK]
Common Mistakes:
  • Using interface instead of class or record
  • Using enum for data container
  • Omitting getters in POJO classes
3. Given this Response DTO and controller method, what JSON will be returned?
public record ProductResponse(String name, double price) {}

@GetMapping("/product")
public ProductResponse getProduct() {
  return new ProductResponse("Book", 12.5);
}
medium
A. {"name":"Book"}
B. {"productName":"Book","productPrice":12.5}
C. {"name":"Book","price":12.5}
D. {"name":"Book","price":"12.5"}

Solution

  1. Step 1: Understand record fields and JSON mapping

    The record fields are name and price, which map directly to JSON keys.

  2. Step 2: Check returned JSON structure

    The returned JSON includes both fields with correct types: string for name and number for price.

  3. Final Answer:

    {"name":"Book","price":12.5} -> Option C

  4. Quick Check:

    Record fields map directly to JSON keys [OK]
Hint: Record fields become JSON keys as-is [OK]
Common Mistakes:
  • Assuming JSON keys change names automatically
  • Treating numbers as strings in JSON
  • Missing fields in output JSON
4. What is wrong with this Response DTO class?
public class UserResponse {
  private String username;
  public UserResponse(String username) {}
  public String getUsername() { return username; }
}
medium
A. Class should be abstract
B. Getter method is missing
C. Field username should be public
D. Constructor does not assign the username field

Solution

  1. Step 1: Check constructor implementation

    The constructor has a parameter but does not assign it to the field, so username remains null.

  2. Step 2: Verify getter correctness

    The getter returns the field value, but since field is never set, it returns null.

  3. Final Answer:

    Constructor does not assign the username field -> Option D

  4. Quick Check:

    Constructor must set fields [OK]
Hint: Always assign constructor params to fields [OK]
Common Mistakes:
  • Forgetting to assign constructor parameters
  • Making fields public unnecessarily
  • Thinking getters alone set values
5. You want to create a Response DTO that only exposes a user's id and email, hiding the password. Which approach is best in Spring Boot?
hard
A. Create a separate Response DTO class with only id and email fields
B. Return the User entity directly and ignore the password field
C. Use @JsonIgnore on the password field in the User entity
D. Send the entire User entity and filter password on the client side

Solution

  1. Step 1: Understand security and data exposure

    Exposing only needed fields via a Response DTO prevents accidental leaks of sensitive data like passwords.

  2. Step 2: Evaluate options for hiding password

    Creating a separate DTO with only safe fields is best practice; relying on @JsonIgnore or client filtering is less secure or less clear.

  3. Final Answer:

    Create a separate Response DTO class with only id and email fields -> Option A

  4. Quick Check:

    Separate DTOs protect sensitive data [OK]
Hint: Use dedicated DTOs to expose only safe fields [OK]
Common Mistakes:
  • Returning entity directly exposing sensitive data
  • Relying on client-side filtering for security
  • Misusing @JsonIgnore without DTO separation