springboot-security

Java Spring Boot 服务中关于身份验证/授权、验证、CSRF、密钥、标头、速率限制和依赖安全的 Spring Security 最佳实践。

Install with Tessl CLI

npx tessl i github:affaan-m/everything-claude-code --skill springboot-security

What are skills?

Review — 63%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Validation — 11 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

28%

Securing a Spring Boot REST API with Token-Based Authentication

JWT authentication and method-level authorization

Criteria

Without context

With context

OncePerRequestFilter used

100%

Bearer token extraction

100%

SecurityContext populated

100%

CSRF disabled

100%

Stateless session policy

100%

@EnableMethodSecurity present

100%

@PreAuthorize on admin endpoint

100%

Default deny stance

100%

Security headers configured

100%

CSP default-src self

100%

JWT preference documented

100%

Without context: $0.5693 · 2m 22s · 28 turns · 117 in / 9,642 out tokens

With context: $0.7610 · 2m 38s · 33 turns · 40 in / 10,844 out tokens

100%

User Registration and Search API for a Healthcare Portal

Input validation and SQL injection prevention

Criteria

Without context

With context

@Valid on controller

100%

@NotBlank on name

100%

@Email on email field

100%

@Size constraint present

100%

No string concatenation in search

100%

Parameterized binding used

100%

Spring Data repository used

100%

HTML sanitization mentioned

100%

Validation error handler

100%

Constraint annotations on DTO

100%

Without context: $0.3300 · 1m 17s · 20 turns · 26 in / 4,881 out tokens

With context: $0.6641 · 2m 37s · 29 turns · 35 in / 9,812 out tokens

92%

Hardening a Spring Boot Document Management Service Before Production Launch

Secret management, rate limiting, safe logging, and file upload security

Criteria

Without context

With context

DB password externalized

100%

JWT secret externalized

100%

Bucket4j used for rate limiting

100%

429 status returned

100%

Retry-After header included

100%

No token logged

100%

No PII logged

Structured JSON logging configured

100%

File content type validated

100%

File extension validated

100%

Storage outside web root

100%

File size validated

100%

Without context: $0.2788 · 1m 17s · 13 turns · 15 in / 5,059 out tokens

With context: $0.5597 · 1m 54s · 29 turns · 33 in / 7,561 out tokens

Evaluated: about 17 hours ago
Agent: Claude Code

Table of Contents

Securing a Spring Boot REST API with Token-Based Authentication User Registration and Search API for a Healthcare Portal Hardening a Spring Boot Document Management Service Before Production Launch

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.