Does this skill include refresh token logic?

Yes, it provides implementation patterns for refresh token storage, rotation, and expiration to ensure secure, long-lived user sessions.

Can I use this for social login or OAuth2?

Absolutely. It includes patterns for integrating with OAuth2 resource servers and third-party providers like Google or GitHub.

What version of Spring Boot does this skill support?

This skill is specifically designed for Spring Boot 3.5.x and utilizes the modern functional configuration style of Spring Security 6.x.

Does it support HttpOnly cookies for better security?

Yes, the skill provides configurations for both standard Bearer tokens in headers and secure, HttpOnly, SameSite cookies to mitigate XSS risks.

Spring Boot JWT Security

Name: Spring Boot JWT Security
Author: giuseppe-trisciuoglio

bygiuseppe-trisciuoglio

•

126

•

セキュリティとテスト

Implements production-ready JWT authentication and role-based access control for Spring Boot 3.5 applications using Spring Security 6.x.

This skill provides a comprehensive toolkit for implementing stateless security in Spring Boot environments. It streamlines the setup of Spring Security 6.x by offering standardized patterns for token generation with the JJWT library, secure filter chain configurations, and robust authorization rules. Whether you are building microservices or SPA backends, this skill handles the complexities of JWT lifecycle management—including token validation, refresh strategies, and integration with OAuth2 providers—ensuring your Java applications follow modern security best practices.

主な機能

01Support for both Bearer headers and HttpOnly cookie authentication

02Modern Spring Security 6.x stateless configuration patterns

03Secure refresh token strategies including rotation and revocation

04Comprehensive JWT lifecycle management using the JJWT library

05Role-Based Access Control (RBAC) and permission-based security

06126 GitHub stars

ユースケース

01Securing RESTful APIs for modern web and mobile applications

02Migrating legacy session-based Java apps to modern token-based security

03Implementing stateless authentication across microservices architectures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add giuseppe-trisciuoglio/developer-kit spring-boot-security-jwt

For use in Claude.ai and ChatGPT

Download Skill