Does it provide guidance on secrets management?

Yes, it guides developers to move hardcoded secrets from configuration files to environment variables or dedicated solutions like Spring Cloud Vault.

Can it help configure JWT authentication?

Yes, it provides standard implementation patterns for OncePerRequestFilter, JWT service logic, and stateless security filter chain configurations.

Does it support method-level security?

Absolutely. It provides patterns for using @PreAuthorize with roles or custom SPEL expressions to ensure granular access control across your services.

How does this skill help prevent SQL injection?

It enforces the use of Spring Data repositories and parameterized queries while identifying and flagging unsafe string concatenation in native SQL queries.

Spring Boot Security Review

Name: Spring Boot Security Review
Author: nbossn

bynbossn

0•

セキュリティとテスト

Implements robust security patterns and audits Spring Boot applications for vulnerabilities and best practices.

This skill empowers Claude to act as a security expert for Java Spring Boot services, providing implementation patterns for authentication, authorization, and data protection. It guides the development of secure endpoints using JWT, applies method-level security with @PreAuthorize, enforces strict input validation, and prevents common vulnerabilities like SQL injection and CSRF. Whether you are configuring security headers, managing secrets via Vault, or implementing rate limiting, this skill ensures your Java backend follows industry-standard security protocols and secure-by-default principles.

主な機能

010 GitHub stars

02Strict input validation and sanitization using Bean Validation and DTOs

03Hardened SQL injection prevention and secure database query patterns

04Secrets management integration and rate limiting implementation

05Authentication & Authorization patterns including JWT, OAuth2, and RBAC

06Advanced configuration for CORS, CSRF, and standard security headers

ユースケース

01Securing REST APIs with stateless JWT authentication and role-based access control

02Implementing rate limiting and brute-force protection for sensitive endpoints

03Auditing Spring Boot codebases for security flaws and hardcoded credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nbossn/claude-code-base springboot-security

For use in Claude.ai and ChatGPT

主な機能

010 GitHub stars

02Strict input validation and sanitization using Bean Validation and DTOs

03Hardened SQL injection prevention and secure database query patterns

04Secrets management integration and rate limiting implementation

05Authentication & Authorization patterns including JWT, OAuth2, and RBAC

06Advanced configuration for CORS, CSRF, and standard security headers

ユースケース

01Securing REST APIs with stateless JWT authentication and role-based access control

02Implementing rate limiting and brute-force protection for sensitive endpoints

03Auditing Spring Boot codebases for security flaws and hardcoded credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nbossn/claude-code-base springboot-security

For use in Claude.ai and ChatGPT