Spring Security best practices for authentication/authorization, validation, CSRF, secrets, headers, rate limiting and dependency security in Java Spring Boot services.
Score: 83
Does it follow best practices? 59%
Impact: 100% (1.08x average score across 6 eval scenarios)
Passed, no known issues
Optimize this skill with Tessl: npx tessl skill review --optimize ./docs/zh-CN/skills/springboot-security/SKILL.md

JWT authentication and security configuration
  OncePerRequestFilter usage: 100% / 100%
  Stateless session policy: 100% / 100%
  CSRF disabled for API: 100% / 100%
  Bearer token extraction: 100% / 100%
  SecurityContextHolder population: 100% / 100%
  Content Security Policy header: 100% / 100%
  Frame options configured: 100% / 100%
  Referrer policy header: 100% / 100%
  CORS at filter level: 100% / 100%
  No wildcard CORS origin: 100% / 100%
  Default deny posture: 100% / 100%
  No secrets in source: 100% / 100%
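The checks in this scenario map onto one stateless security configuration. The following is an added example written for this page, not code from the skill or its evaluations; the package name, the TokenVerifier interface (an implementation bean must be supplied by the application), the permitted paths and the allowed origin https://app.example.com are assumptions.

```java
// Added example, not the skill's own code. Package name, TokenVerifier and the allowed origin are assumptions.
package com.example.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.OncePerRequestFilter;

/** Hypothetical: verifies signature and expiry, returning the principal, or empty for any invalid token. */
interface TokenVerifier {
    record Principal(String username, List<String> roles) {}
    Optional<Principal> verify(String token);
}

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain apiChain(HttpSecurity http, TokenVerifier verifier) throws Exception {
        http
            // Stateless API: no session cookie is ever issued, so there is no CSRF surface to protect.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            .headers(h -> h
                .contentSecurityPolicy(csp -> csp.policyDirectives("default-src 'self'; frame-ancestors 'none'"))
                .frameOptions(fo -> fo.deny())
                .referrerPolicy(rp -> rp.policy(
                    ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/api/auth/login").permitAll()
                .requestMatchers("/actuator/health").permitAll()
                .anyRequest().authenticated()) // default deny: anything not listed needs a valid token
            // Without an entry point an anonymous request gets 403; an API should answer 401.
            .exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            // Instantiated here, not as a @Component, so Boot does not also register it as a servlet filter.
            .addFilterBefore(new JwtAuthenticationFilter(verifier), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOrigins(List.of("https://app.example.com")); // explicit origin, never "*"
        cfg.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        cfg.setAllowedHeaders(List.of("Authorization", "Content-Type"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", cfg);
        return source;
    }
}

/** Runs once per request. A missing or bad token leaves the context empty and default deny answers 401. */
class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final TokenVerifier verifier;

    JwtAuthenticationFilter(TokenVerifier verifier) {
        this.verifier = verifier;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")
                && SecurityContextHolder.getContext().getAuthentication() == null) {
            String token = header.substring("Bearer ".length()).trim();
            verifier.verify(token).ifPresent(p -> {
                var authorities = p.roles().stream()
                    .map(r -> new SimpleGrantedAuthority("ROLE_" + r)).toList();
                // Credentials are null: the token has already been verified, nothing else to keep.
                var auth = new UsernamePasswordAuthenticationToken(p.username(), null, authorities);
                SecurityContext ctx = SecurityContextHolder.createEmptyContext();
                ctx.setAuthentication(auth);
                SecurityContextHolder.setContext(ctx);
            });
        }
        chain.doFilter(req, res);
    }
}
```

The filter deliberately does not write an error itself when the token is invalid: it leaves the context unauthenticated and lets the default-deny rule and the 401 entry point respond, so the same answer is returned for "no token", "expired token" and "forged token". The CORS configuration is applied through Spring Security's cors() hook so that preflight requests are handled before authentication; listing the origin explicitly also means allowCredentials could later be enabled safely, which a wildcard origin would forbid.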
Authorization, input validation, and SQL safety
  @EnableMethodSecurity present: 100% / 100%
  @PreAuthorize on restricted endpoint: 100% / 100%
  hasRole in @PreAuthorize: 100% / 100%
  @Valid on request body: 100% / 100%
  @NotBlank constraint used: 100% / 100%
  @Email constraint used: 100% / 100%
  @Size constraint used: 100% / 100%
  No SQL string concatenation: 100% / 100%
  Parameterized native query: 100% / 100%
  Default deny configuration: 100% / 100%
  Separate DTO from entity: 100% / 100%
  Custom role-based method guard: 100% / 100%
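The checks in this scenario fit into one small user module. The following is an added example written for this page, not code from the skill or its evaluations; the package name, the user_account table and its columns, the ADMIN role name and the request/response field sets are assumptions.

```java
// Added example, not the skill's own code. Package, table and column names, and the role name are assumptions.
package com.example.users;

import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.Id;
import jakarta.validation.Valid;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Optional;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

@Configuration
@EnableMethodSecurity // without this, @PreAuthorize is silently ignored
class MethodSecurityConfig {}

/** Custom guard: a meta-annotation so the role expression is written once and reused. */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasRole('ADMIN')")
@interface AdminOnly {}

@Entity
class UserAccount {
    @Id @GeneratedValue Long id;
    String username;
    String email;
    String passwordHash; // internal field: never part of a response DTO
}

/** Inbound DTO: constraints run before the controller body because of @Valid on the parameter. */
record CreateUserRequest(
        @NotBlank @Size(min = 3, max = 32) String username,
        @NotBlank @Email @Size(max = 254) String email) {}

/** Outbound DTO: only the fields a client may see. */
record UserResponse(Long id, String username, String email) {}

interface UserRepository extends JpaRepository<UserAccount, Long> {
    // Named parameter bound by the driver. The injectable form this replaces would be
    // "SELECT * FROM user_account WHERE email = '" + email + "'" built by concatenation.
    @Query(value = "SELECT * FROM user_account WHERE email = :email", nativeQuery = true)
    Optional<UserAccount> findByEmailNative(@Param("email") String email);
}

@RestController
@RequestMapping("/api/users")
class UserController {
    private final UserRepository repo;

    UserController(UserRepository repo) {
        this.repo = repo;
    }

    @PostMapping
    @ResponseStatus(HttpStatus.CREATED)
    UserResponse create(@Valid @RequestBody CreateUserRequest req) {
        if (repo.findByEmailNative(req.email()).isPresent()) {
            throw new ResponseStatusException(HttpStatus.CONFLICT, "email already registered");
        }
        UserAccount u = new UserAccount();
        u.username = req.username();
        u.email = req.email();
        u = repo.save(u);
        return new UserResponse(u.id, u.username, u.email);
    }

    @GetMapping("/{id}")
    @PreAuthorize("hasRole('ADMIN')") // restricted endpoint, role checked before the body runs
    UserResponse get(@PathVariable Long id) {
        return repo.findById(id)
            .map(u -> new UserResponse(u.id, u.username, u.email))
            .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));
    }

    @DeleteMapping("/{id}")
    @AdminOnly // same effect as @PreAuthorize("hasRole('ADMIN')"), via the meta-annotation above
    @ResponseStatus(HttpStatus.NO_CONTENT)
    void delete(@PathVariable Long id) {
        repo.deleteById(id);
    }
}
```

A request with a blank username or a malformed email is rejected with 400 by the validation layer before create() executes, and a non-admin caller receives 403 from the method interceptor before get() or delete() touch the repository. hasRole('ADMIN') matches an authority named ROLE_ADMIN, which is why the JWT filter in the earlier scenario prefixes roles with "ROLE_".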
Password encoding, secrets management, and rate limiting
  PasswordEncoder bean declared: 100% / 100%
  BCryptPasswordEncoder used: 100% / 100%
  BCrypt cost factor 12: 0% / 100%
  PasswordEncoder injected for hashing: 100% / 100%
  No plaintext password stored: 100% / 100%
  Env var placeholder for credentials: 100% / 100%
  No hardcoded secret in Java: 100% / 100%
  Bucket4j rate limit filter: 0% / 100%
  HTTP 429 on limit exceeded: 100% / 100%
  Retry hint in 429 response: 75% / 100%
  No sensitive data logged: 100% / 100%
  Filter extends OncePerRequestFilter: 100% / 100%
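The checks in this scenario cover three separate concerns; the following added example, written for this page and not taken from the skill, shows all three together. Assumptions: the package name, the Bucket4j 8.x API (Bucket.builder(), Bandwidth.classic, Refill.greedy), the property name app.jwt.secret resolved from an environment variable named JWT_SECRET, a limit of 60 requests per minute per client address, and the hypothetical RegistrationService and JwtKeyProvider classes.

```java
// Added example, not the skill's own code. Package, property names, limits and helper classes are assumptions.
package com.example.security;

import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket;
import io.github.bucket4j.ConsumptionProbe;
import io.github.bucket4j.Refill;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
class PasswordConfig {
    /** Cost 12: roughly 250 ms per hash on current server hardware, slow for attackers, fine for logins. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }
}

/** application.yml (assumed) contains only a placeholder:  app:\n  jwt:\n    secret: ${JWT_SECRET}  */
@Component
class JwtKeyProvider {
    private final SecretKey key;

    JwtKeyProvider(@Value("${app.jwt.secret}") String secret) { // resolved from the environment at startup
        byte[] raw = secret.getBytes(StandardCharsets.UTF_8);
        if (raw.length < 32) {
            throw new IllegalStateException("JWT_SECRET must be at least 256 bits for HS256");
        }
        this.key = new SecretKeySpec(raw, "HmacSHA256");
    }

    SecretKey key() {
        return key;
    }
}

@Service
class RegistrationService {
    private static final Logger log = LoggerFactory.getLogger(RegistrationService.class);
    private final PasswordEncoder encoder;

    RegistrationService(PasswordEncoder encoder) {
        this.encoder = encoder;
    }

    /** Returns the value to persist; the plaintext is never stored and never logged. */
    String hashForStorage(String username, String rawPassword) {
        String hash = encoder.encode(rawPassword); // salted bcrypt, "$2a$12$..." prefix
        log.info("registered user={}", username); // username only: no password, no hash
        return hash;
    }
}

/** Token bucket per client address. In-memory, so a multi-node deployment needs a shared Bucket4j backend. */
@Component
class RateLimitFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(RateLimitFilter.class);
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>(); // bound or expire this in production

    private static Bucket newBucket() {
        return Bucket.builder()
            .addLimit(Bandwidth.classic(60, Refill.greedy(60, Duration.ofMinutes(1))))
            .build();
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String client = req.getRemoteAddr(); // behind a proxy, use the trusted forwarded address instead
        ConsumptionProbe probe = buckets.computeIfAbsent(client, k -> newBucket()).tryConsumeAndReturnRemaining(1);
        if (probe.isConsumed()) {
            chain.doFilter(req, res);
            return;
        }
        long waitSeconds = Math.max(1, (probe.getNanosToWaitForRefill() + 999_999_999L) / 1_000_000_000L);
        log.warn("rate limit exceeded client={} path={}", client, req.getRequestURI()); // no headers or body
        res.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
        res.setHeader("Retry-After", String.valueOf(waitSeconds)); // the retry hint, in seconds
        res.setContentType("application/json");
        res.getWriter().write("{\"error\":\"too_many_requests\",\"retryAfterSeconds\":" + waitSeconds + "}");
    }
}
```

Because RateLimitFilter is a @Component and not added to the Spring Security chain, Boot registers it as a plain servlet filter that runs on every request, including unauthenticated ones, which is where brute-force traffic against the login endpoint arrives. The Retry-After value is rounded up so a client that honours it never retries before the bucket has actually refilled.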
5df943e