Can it help with secrets management?

Absolutely. It provides patterns for externalizing credentials using environment variables and Spring Cloud Vault to ensure no secrets are committed to source control.

Does this skill support OAuth2 implementation?

Yes, it provides guidance and best practices for implementing OAuth2, JWT, and opaque tokens for modern resource servers.

Does it include protection against CSRF and XSS?

Yes, it includes specific configurations for CSRF protection based on your architecture and sets up standard security headers to mitigate XSS and clickjacking.

Is there a checklist for production readiness?

The skill includes a comprehensive 10-point security checklist covering everything from token validation to dependency scanning and PII logging.

How does this skill help prevent SQL injection?

It guides developers to use Spring Data repositories and parameterized queries, providing 'Good vs Bad' examples to ensure no manual string concatenation occurs in queries.

Spring Boot Security Expert

Name: Spring Boot Security Expert
Author: nbossn

bynbossn

0•

セキュリティとテスト

Implements and audits robust security configurations for Java Spring Boot applications using industry-standard best practices.

This skill acts as a comprehensive security consultant for Java developers working with Spring Boot. It provides production-ready implementation patterns for authentication (JWT, OAuth2, sessions) and authorization using method-level security. Beyond basic auth, it helps developers harden their services against common vulnerabilities by providing configurations for CORS, CSRF, security headers, rate limiting, and SQL injection prevention. It also emphasizes operational security, including secure secrets management, dependency scanning for CVEs, and a thorough pre-release checklist to ensure applications are secure-by-default.

主な機能

01Vulnerability protection against SQL injection and CSRF

020 GitHub stars

03Granular method-level authorization using @PreAuthorize and roles

04Automated input validation and DTO sanitization strategies

05Stateful and stateless authentication patterns (JWT, OAuth2, Cookies)

06Secure-by-default header and CORS configuration templates

ユースケース

01Building a stateless REST API with JWT-based authentication and revocation

02Hardening an existing Spring Boot application for a production security audit

03Implementing rate limiting and brute-force protection for sensitive endpoints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nbossn/claude-code-base springboot-security

For use in Claude.ai and ChatGPT

主な機能

01Vulnerability protection against SQL injection and CSRF

020 GitHub stars

03Granular method-level authorization using @PreAuthorize and roles

04Automated input validation and DTO sanitization strategies

05Stateful and stateless authentication patterns (JWT, OAuth2, Cookies)

06Secure-by-default header and CORS configuration templates

ユースケース

01Building a stateless REST API with JWT-based authentication and revocation

02Hardening an existing Spring Boot application for a production security audit

03Implementing rate limiting and brute-force protection for sensitive endpoints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nbossn/claude-code-base springboot-security

For use in Claude.ai and ChatGPT