Provides Spring Security best practices for Spring Boot services: authn/authz, input validation, CSRF protection, secrets management, security headers, rate limiting, dependency checks. Use when adding auth, handling inputs, or securing endpoints.
Slash command: /everything-claude-code:springboot-security
Use when adding authentication, handling input, creating endpoints, or handling secrets.
Cookies: httpOnly, Secure, SameSite=Strict.
JWT: validate the token in a OncePerRequestFilter, or let the resource server validate it.

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.http.HttpHeaders;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class JwtAuthFilter extends OncePerRequestFilter {
    private final JwtService jwtService;   // application service that parses and verifies the token

    public JwtAuthFilter(JwtService jwtService) {
        this.jwtService = jwtService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header != null && header.startsWith("Bearer ")) {
            String token = header.substring(7);
            // authenticate() must reject an invalid or expired token (throw or return null)
            // so that no forged token ever reaches the SecurityContext.
            Authentication auth = jwtService.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
        chain.doFilter(request, response);
    }
}
Authorization: @EnableMethodSecurity with @PreAuthorize("hasRole('ADMIN')") or @PreAuthorize("@authz.canEdit(#id)").
Input validation: @Valid on request bodies; @NotBlank, @Email, @Size and custom validators.
SQL: bind values with :param; never concatenate strings into a query.
CSRF: for a stateless token-based API, disable CSRF and session creation together:

http
    .csrf(csrf -> csrf.disable())
    .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
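The authorization, validation and SQL items above, worked through as an added example (this is not code from the skill itself): a request record carrying bean-validation constraints, a repository that binds every value with :param through NamedParameterJdbcTemplate, the bean that @PreAuthorize("@authz.canEdit(#id)") refers to as @authz, and a controller that uses both annotations. The users table, its columns, and all class and bean names are assumptions.

```java
// Added example, not the skill's own code. Assumes a "users" table with columns
// id, owner_name, display_name, email; class and bean names are hypothetical.
import jakarta.validation.Valid;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import org.springframework.jdbc.core.ResultSetExtractor;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Repository;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Request body: every field is constrained, so @Valid rejects bad input with HTTP 400
// before the handler method runs.
record UpdateProfileRequest(
        @NotBlank @Size(max = 64) String displayName,
        @NotBlank @Email @Size(max = 254) String email) {}

@Repository
class UserRepository {
    private final NamedParameterJdbcTemplate jdbc;

    UserRepository(NamedParameterJdbcTemplate jdbc) { this.jdbc = jdbc; }

    // Owner lookup for the authorization check. Returns null when no row exists,
    // so the caller denies instead of failing with an exception.
    String ownerOf(long id) {
        return jdbc.query("SELECT owner_name FROM users WHERE id = :id",
                new MapSqlParameterSource("id", id),
                (ResultSetExtractor<String>) rs -> rs.next() ? rs.getString("owner_name") : null);
    }

    // Every value is bound with :param. The forbidden form would be
    // "... WHERE id = " + id, which lets a crafted value rewrite the statement.
    int update(long id, UpdateProfileRequest req) {
        String sql = "UPDATE users SET display_name = :name, email = :email WHERE id = :id";
        return jdbc.update(sql, new MapSqlParameterSource()
                .addValue("name", req.displayName())
                .addValue("email", req.email())
                .addValue("id", id));
    }

    int delete(long id) {
        return jdbc.update("DELETE FROM users WHERE id = :id", new MapSqlParameterSource("id", id));
    }
}

// The bean that SpEL resolves as @authz in @PreAuthorize("@authz.canEdit(#id)").
@Component("authz")
class AuthzService {
    private final UserRepository users;

    AuthzService(UserRepository users) { this.users = users; }

    // Deny unless the caller is a real (non-anonymous) principal that either holds
    // ROLE_ADMIN or owns the record. A missing record is denied, not errored.
    public boolean canEdit(long id) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            return false;
        }
        boolean admin = auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
        String owner = users.ownerOf(id);
        return admin || (owner != null && owner.equals(auth.getName()));
    }
}

@RestController
@RequestMapping("/api/users")
class UserController {
    private final UserRepository users;

    UserController(UserRepository users) { this.users = users; }

    // Ownership check runs before the body; needs @EnableMethodSecurity on a config class.
    @PutMapping("/{id}")
    @PreAuthorize("@authz.canEdit(#id)")
    public int update(@PathVariable long id, @Valid @RequestBody UpdateProfileRequest body) {
        return users.update(id, body);
    }

    // Role check: only administrators may delete.
    @DeleteMapping("/{id}")
    @PreAuthorize("hasRole('ADMIN')")
    public int delete(@PathVariable long id) {
        return users.delete(id);
    }
}
```

Two points to check when adopting this: the `#id` reference in the SpEL expression needs parameter names at runtime, which Spring Boot's build plugins provide by compiling with `-parameters`; and the `@authz` method deliberately denies both anonymous callers and unknown ids, so an authorization failure surfaces as 403 rather than as a 500 from a missing row.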
Secrets: no credentials in application.yml; use placeholders.
Security headers:

http
    .headers(headers -> headers
        .contentSecurityPolicy(csp -> csp
            .policyDirectives("default-src 'self'"))
        .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
        .xssProtection(Customizer.withDefaults())
        .referrerPolicy(rp -> rp.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.NO_REFERRER)));
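Wiring the items on this page into one configuration, as an added example (not the skill's own code): the JwtAuthFilter from the JWT item, the stateless session and CSRF settings, a deny-by-default request rule set, the header block, and the registration tweak that keeps a @Component filter from also running as a plain servlet filter. The "/api/public/**" path and the class name are assumptions.

```java
// Added example, not the skill's own code. Assumes the JwtAuthFilter bean shown in the
// JWT item; the "/api/public/**" path is illustrative.
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity   // turns on @PreAuthorize evaluation for controller and service methods
public class ApiSecurityConfig {

    @Bean
    SecurityFilterChain apiFilterChain(HttpSecurity http, JwtAuthFilter jwtAuthFilter) throws Exception {
        http
            // Bearer-token API: no server-side session, so there is no session cookie for CSRF to ride on.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Deny by default: name the few anonymous routes explicitly; anyRequest() catches everything else.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.GET, "/api/public/**").permitAll()
                .anyRequest().authenticated())
            // Populate the SecurityContext from the Authorization header before the form-login slot.
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
            .headers(headers -> headers
                .contentSecurityPolicy(csp -> csp.policyDirectives("default-src 'self'"))
                .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
                .xssProtection(Customizer.withDefaults())
                .referrerPolicy(rp -> rp.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.NO_REFERRER)));
        return http.build();
    }

    // JwtAuthFilter is a @Component, so Spring Boot would also register it with the servlet
    // container and run it a second time outside the security chain. Disable that registration.
    @Bean
    FilterRegistrationBean<JwtAuthFilter> jwtAuthFilterRegistration(JwtAuthFilter filter) {
        FilterRegistrationBean<JwtAuthFilter> registration = new FilterRegistrationBean<>(filter);
        registration.setEnabled(false);
        return registration;
    }
}
```

With this chain, any route not listed under permitAll() requires a token that JwtAuthFilter accepted, and the headers apply to every response, including error responses produced by the security filters themselves.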
Remember: deny by default, validate input, apply least privilege, and prefer configuration-driven security.