springboot-security
Comprehensive Spring Security guidance for authentication, authorization, input validation, secrets, and dependency scanning in Java Spring Boot.
- Covers authentication patterns (JWT, OAuth2, sessions with secure cookies), authorization via method security annotations, and token validation with filters
- Includes input validation with Bean Validation constraints, SQL injection prevention through parameterized queries, and password hashing with BCrypt or Argon2
- Provides CSRF, CORS, and security header configuration strategies tailored to stateless APIs versus browser-based sessions
- Addresses secrets management via environment variables and Spring Cloud Vault, rate limiting with Bucket4j, and CVE scanning in CI pipelines
- Includes pre-release checklist covering token expiration, authorization guards, input sanitization, and PII redaction in logs
Spring Boot Security Review
Use when adding auth, handling input, creating endpoints, or dealing with secrets.
When to Activate
- Adding authentication (JWT, OAuth2, session-based)
- Implementing authorization (@PreAuthorize, role-based access)
- Validating user input (Bean Validation, custom validators)
- Configuring CORS, CSRF, or security headers
- Managing secrets (Vault, environment variables)
- Adding rate limiting or brute-force protection
- Scanning dependencies for CVEs
Authentication
- Prefer stateless JWT or opaque tokens with revocation list
- Use
httpOnly,Secure,SameSite=Strictcookies for sessions - Validate tokens with
OncePerRequestFilteror resource server
More from affaan-m/everything-claude-code
security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
7.9Kgolang-patterns
Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications.
7.4Kcoding-standards
Baseline cross-project coding conventions for naming, readability, immutability, and code-quality review. Use detailed frontend or backend skills for framework-specific patterns.
6.7Kfrontend-patterns
Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.
6.6Kbackend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
6.6Kgolang-testing
Go testing patterns including table-driven tests, subtests, benchmarks, fuzzing, and test coverage. Follows TDD methodology with idiomatic Go practices.
6.1K