Spring Boot Security Guidelines

Apply Spring Boot security best practices with secure-by-default API boundaries.

What is covered in this Skill?

• Spring Security configuration and SecurityFilterChain setup
• Authentication and authorization policies for endpoints
• Method-level security (@PreAuthorize / @Secured)
• Principle of least privilege for roles and scopes
• Secure error handling and denial responses
• Sensitive data handling in logs and responses

Scope: Apply recommendations based on the reference rules and good/bad examples.

Constraints

Before applying security changes, ensure the project compiles. After improvements, run full verification.