Reviews Spring Security best practices for authn/authz, input validation, CSRF, secrets management, security headers, rate limiting, and dependency security in Java Spring Boot services. Use for secure APIs and endpoints.
How this skill is triggered — by the user, by Claude, or both
Slash command
/everything-claude-code:springboot-securityThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use when adding auth, handling input, creating endpoints, or dealing with secrets.
Use when adding auth, handling input, creating endpoints, or dealing with secrets.
httpOnly, Secure, SameSite=Strict cookies for sessionsOncePerRequestFilter or resource server@Component
public class JwtAuthFilter extends OncePerRequestFilter {
private final JwtService jwtService;
public JwtAuthFilter(JwtService jwtService) {
this.jwtService = jwtService;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain chain) throws ServletException, IOException {
String header = request.getHeader(HttpHeaders.AUTHORIZATION);
if (header != null && header.startsWith("Bearer ")) {
String token = header.substring(7);
Authentication auth = jwtService.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
}
chain.doFilter(request, response);
}
}
@EnableMethodSecurity@PreAuthorize("hasRole('ADMIN')") or @PreAuthorize("@authz.canEdit(#id)")@Valid on controllers@NotBlank, @Email, @Size, custom validators:param bindings; never concatenate stringshttp
.csrf(csrf -> csrf.disable())
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
application.yml free of credentials; use placeholdershttp
.headers(headers -> headers
.contentSecurityPolicy(csp -> csp
.policyDirectives("default-src 'self'"))
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
.xssProtection(Customizer.withDefaults())
.referrerPolicy(rp -> rp.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.NO_REFERRER)));
Remember: Deny by default, validate inputs, least privilege, and secure-by-configuration first.
npx claudepluginhub seekiingforhappiness-glitch/everything-claude-codeCreates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
14plugins reuse this skill
First indexed Jul 7, 2026
Showing the 6 earliest of 14 plugins