Can it help me protect against SQL Injection?

Absolutely. It promotes the use of Spring Data repositories and parameterized queries while flagging unsafe string concatenation.

Does this skill help with JWT implementation?

Yes, it provides specific code patterns for OncePerRequestFilter and JwtService to handle stateless authentication and token verification.

Does it include a production readiness checklist?

Yes, it includes a 10-point release checklist covering everything from authorization guards to dependency scanning and PII logging.

How does it handle CSRF for modern APIs?

The skill provides logic for determining when to enable CSRF for session-based apps and how to safely disable it for stateless Bearer token APIs.

Spring Boot Security Review

Name: Spring Boot Security Review
Author: unju-ai

byunju-ai

0•

安全与测试

Implements enterprise-grade security standards for Java Spring Boot services including authentication, authorization, and vulnerability mitigation.

The springboot-security skill provides specialized guidance for hardening Java Spring Boot applications. It enables Claude to implement robust security patterns such as stateless JWT authentication, method-level authorization using @PreAuthorize, and essential protection against SQL injection and CSRF. By following a 'deny-by-default' philosophy, this skill helps developers configure security headers, manage secrets externally, and integrate dependency scanning into their CI/CD pipelines to ensure production-ready security compliance.

主要功能

01Automates input validation and sanitization using Bean Validation and DTOs

02Provides templates for essential security headers like CSP, HSTS, and X-Frame-Options

03Implements role-based access control (RBAC) with @EnableMethodSecurity

040 GitHub stars

05Configures stateless JWT authentication and secure session cookie management

06Establishes best practices for secrets management and dependency vulnerability scanning

使用场景

01Securing a REST API with JWT-based authentication and resource server configuration

02Conducting a security audit to find and fix SQL injection or CSRF vulnerabilities

03Hardening a production Spring Boot service with rate limiting and secure logging

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc springboot-security

For use in Claude.ai and ChatGPT