Dev vs Prod: Why You Can't Store Secrets in Files on Production Servers

· 9 min read
Mahmut Salman
Software Developer

"Why do we use application.properties for secrets in development but environment variables in production?" Because file-based secrets are fine for your local machine (only you have access), but dangerous on production servers (many people have access, files can be compromised). Let's understand why this distinction matters and how to properly manage secrets across environments.

Why My Object Changes Don't Stick: In-Memory vs Database Persistence

· 9 min read
Mahmut Salman
Software Developer

"I changed the object's failedLoginAttempts field, but when I query the database again, it's back to the old value! In high school, changing object properties just worked - why do I need to call save() in Spring Boot?" This is the fundamental difference between in-memory objects (what you learned in school) and database-backed objects (what you use in production). Let's understand why object changes don't automatically persist to the database.

Java Streams: Understanding .stream(), .map(), and .collect()

· 9 min read
Mahmut Salman
Software Developer

"What do .stream(), .map(), and .collect() actually do?" These three methods form a powerful pipeline for transforming collections in Java. Instead of writing loops to transform each element, you create a stream, transform elements, and collect results. Let's break down exactly what happens at each step.

Why Two Methods for JWT Token Generation? Understanding Single Responsibility Principle

· 12 min read
Mahmut Salman
Software Developer

"Why do we need both generateToken() (public) and createToken() (private) instead of just one method?" Because separation of concerns makes your code extensible. The public method handles what claims to add (business logic), while the private method handles how to build the JWT (technical details). This lets you add new token types without repeating code. Let's understand why this design pattern is essential.

Is It Safe to Send Passwords in Login Requests? HTTP vs HTTPS Security

· 14 min read
Mahmut Salman
Software Developer

"Is it safe to add password in LoginRequest? Can someone reach the user's request?" Great security question! The answer depends entirely on whether you're using HTTP or HTTPS. With HTTP, anyone on the network path can see your password in plain text. With HTTPS, it's encrypted in transit between the client and the server. Let's understand the difference and how to secure your login.

ResponseEntity<T>: The Delivery Box That Can Hold Anything

· 9 min read
Mahmut Salman
Software Developer

"What does ResponseEntity<UnlockResponse> mean? Why can I use <UnlockResponse> here but <LoginResponse> somewhere else?" ResponseEntity is like a delivery box - it's a generic container that can hold any type of content. The <T> is a placeholder that you fill with your specific data type. Let's understand how this "magic" works and why it's incredibly powerful.