How does it help prevent SQL injection?

The skill enforces the use of Spring Data repositories and parameterized native queries, explicitly flagging and correcting unsafe string concatenation.

Does it provide a security checklist?

It includes a comprehensive pre-release checklist covering tokens, authorization guards, input validation, secrets, and dependency scanning.

Can this skill help with rate limiting?

Yes, it includes implementation guides for applying Bucket4j or gateway-level limits to protect expensive endpoints from brute-force attacks.

Does this skill support OAuth2 implementation?

Yes, it provides specific patterns for both stateless JWT authentication and OAuth2 resource server configurations within Spring Security.

Spring Boot Security Review

Name: Spring Boot Security Review
Author: unju-ai

byunju-ai

0•

安全与测试

Implements and audits Spring Boot security configurations including authentication, authorization, and input validation using industry best practices.

The springboot-security skill provides specialized guidance for hardening Java Spring Boot services. It automates the review and implementation of critical security layers such as stateless JWT/OAuth2 authentication, method-level authorization using @PreAuthorize, and robust bean validation. By following these patterns, developers can ensure their APIs are protected against common threats like SQL injection, CSRF, and brute-force attacks, while maintaining secure secrets management and proper header configurations for production environments.

主要功能

01Method-level authorization guards and role-based access control

020 GitHub stars

03Stateless JWT and OAuth2 authentication implementation patterns

04Comprehensive input validation and data sanitization templates

05Secure secrets management using Vault and environment variables

06Hardened CORS, CSRF, and security header configurations

使用场景

01Reviewing code for common vulnerabilities like SQL injection and insecure logging

02Implementing secure token-based authentication and revocation lists

03Hardening a Spring Boot REST API for production deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc springboot-security

For use in Claude.ai and ChatGPT