Can it help with vulnerability scanning?

It provides guidance on integrating dependency check tools like OWASP Dependency-Check or Snyk into CI/CD pipelines to catch CVEs early.

How does this skill improve Spring Boot security?

It provides Claude with specific templates and checklists for implementing industry-standard security protocols like JWT, secure headers, and parameterized queries to prevent SQL injection.

Does it support both session-based and stateless auth?

Yes, the skill includes best practices for both stateful session-based security (with SameSite cookie protection) and stateless JWT/OAuth2 resource servers.

Does it include a pre-deployment checklist?

Yes, it features a comprehensive 10-point security checklist to verify authentication, authorization, secrets, and logging before your application goes live.

Spring Boot Security Expert

Name: Spring Boot Security Expert
Author: xu-xiang

byxu-xiang

•

323

•

セキュリティとテスト

Implements robust security patterns and industry best practices for Java Spring Boot applications using Spring Security.

This skill equips Claude with specialized knowledge to secure Spring Boot applications comprehensively. It provides implementation patterns for authentication (JWT, OAuth2), granular authorization using method-level security, and robust input validation. Users can rely on this skill to configure security headers, CORS policies, CSRF protection, and rate limiting while following a strict 'deny-by-default' philosophy. It also covers critical operational security like secrets management and dependency auditing to ensure production-grade safety.

主な機能

01Standardized JWT and OAuth2 authentication implementation patterns

02323 GitHub stars

03Secure secrets management and SQL injection prevention techniques

04Method-level authorization using @PreAuthorize and RBAC

05Pre-configured security headers, CORS, and CSRF protection strategies

06Automated Bean Validation (JSR-303) and input sanitization

ユースケース

01Implementing rate limiting and brute-force protection for sensitive endpoints

02Auditing Java code for security vulnerabilities and missing authorization guards

03Securing RESTful APIs with stateless JWT authentication and revocation lists

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xu-xiang/everything-claude-code-zh springboot-security

For use in Claude.ai and ChatGPT

主な機能

01Standardized JWT and OAuth2 authentication implementation patterns

02323 GitHub stars

03Secure secrets management and SQL injection prevention techniques

04Method-level authorization using @PreAuthorize and RBAC

05Pre-configured security headers, CORS, and CSRF protection strategies

06Automated Bean Validation (JSR-303) and input sanitization

ユースケース

01Implementing rate limiting and brute-force protection for sensitive endpoints

02Auditing Java code for security vulnerabilities and missing authorization guards

03Securing RESTful APIs with stateless JWT authentication and revocation lists

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xu-xiang/everything-claude-code-zh springboot-security

For use in Claude.ai and ChatGPT