Security 599 installs

Spring Boot Security Review

by affaan-m/everything-claude-code

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

Skill content

Spring Boot Security Review

Use when adding auth, handling input, creating endpoints, or dealing with secrets.

When to Activate

- Adding authentication (JWT, OAuth2, session-based)

- Implementing authorization (@PreAuthorize, role-based access)

- Validating user input (Bean Validation, custom validators)

- Configuring CORS, CSRF, or security headers

- Managing secrets (Vault, environment variables)

- Adding rate limiting or brute-force protection

- Scanning dependencies for CVEs

Authentication

- Prefer stateless JWT or opaque tokens with revocation list

- Use httpOnly, Secure, SameSite=Strict cookies for sessions

- Validate tokens with OncePerRequestFilter or resource server