Does it support secrets management?

Absolutely. It guides developers to externalize credentials using environment variables or Spring Cloud Vault instead of hardcoding them in configuration files.

Can it prevent SQL injection in Spring Boot?

Yes, it enforces the use of Spring Data repositories and parameterized native queries to ensure database interactions are safe from injection.

How does this skill help with JWT implementation?

It provides standardized implementation patterns for token validation using OncePerRequestFilter and secure token handling practices.

How does it handle authorization?

The skill includes templates for @PreAuthorize and @EnableMethodSecurity to manage fine-grained, role-based access control across your service layer.

Spring Boot Security Review

Name: Spring Boot Security Review
Author: Infopibe

byInfopibe

•

Security & Testing

Implements industry-standard security practices for Java Spring Boot applications including authentication, authorization, and vulnerability mitigation.

The Spring Boot Security Review skill equips Claude with specialized knowledge to audit and secure Java-based backend services. It provides actionable patterns for implementing robust authentication mechanisms like JWT and OAuth2, enforcing fine-grained access control via method security, and applying strict input validation. This skill ensures that your Spring Boot applications adhere to modern security standards, covering essential areas such as SQL injection prevention, secure password hashing, CSRF protection, and automated dependency scanning.

Key Features

01Automated input validation and SQL injection prevention strategies

02Secure secrets management using Vault and environment variables

03Configuration of security headers, CORS, and rate limiting

04Implementation of stateless JWT and OAuth2 authentication patterns

05Role-based and expression-based method security configuration

061 GitHub stars

Use Cases

01Implementing fine-grained method-level authorization for sensitive data

02Auditing existing Spring Boot code for security vulnerabilities and CVEs

03Securing REST APIs with stateless token-based authentication

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add infopibe/everything-claude-code springboot-security

For use in Claude.ai and ChatGPT

Key Features

01Automated input validation and SQL injection prevention strategies

02Secure secrets management using Vault and environment variables

03Configuration of security headers, CORS, and rate limiting

04Implementation of stateless JWT and OAuth2 authentication patterns

05Role-based and expression-based method security configuration

061 GitHub stars

Use Cases

01Implementing fine-grained method-level authorization for sensitive data

02Auditing existing Spring Boot code for security vulnerabilities and CVEs

03Securing REST APIs with stateless token-based authentication

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add infopibe/everything-claude-code springboot-security

For use in Claude.ai and ChatGPT