spring-boot-security
Installation
SKILL.md
Spring Boot Security Standards
Priority: P0 (CRITICAL)
Configure SecurityFilterChain
- Lambda DSL: ALWAYS use Lambda DSL.
- SecurityFilterChain: Expose as
@Bean. not extendWebSecurityConfigurerAdapter. - Statelessness: Enforce
SessionCreationPolicy.STATELESSfor REST APIs.
See implementation examples for SecurityFilterChain configuration with Lambda DSL and JWT.
Implement Authentication and Authorization
- Authentication: Validation of credentials (Who you?). Use
AuthenticationManagerorJwtDecoder. - Authorization: Verification of access rights (Can you this?). Use
@PreAuthorize.