
springboot-security

Spring Security best practices for Java Spring Boot services, covering authentication/authorization, input validation, CSRF, secrets, security headers, rate limiting, and dependency security.

76
1.10x
Quality: 63% (does it follow best practices?)
Impact: 97% (1.10x), average score across 3 eval scenarios
Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./docs/zh-CN/skills/springboot-security/SKILL.md

Evaluation results

100%

28%

Securing a Spring Boot REST API with Token-Based Authentication

JWT authentication and method-level authorization

Criteria                          Without context   With context
OncePerRequestFilter used         100%              100%
Bearer token extraction           100%              100%
SecurityContext populated         100%              100%
CSRF disabled                     100%              100%
Stateless session policy          100%              100%
@EnableMethodSecurity present     0%                100%
@PreAuthorize on admin endpoint   100%              100%
Default deny stance               100%              100%
Security headers configured       0%                100%
CSP default-src self              0%                100%
JWT preference documented         100%              100%

100%

User Registration and Search API for a Healthcare Portal

Input validation and SQL injection prevention

Criteria                            Without context   With context
@Valid on controller                100%              100%
@NotBlank on name                   100%              100%
@Email on email field               100%              100%
@Size constraint present            100%              100%
No string concatenation in search   100%              100%
Parameterized binding used          100%              100%
Spring Data repository used         100%              100%
HTML sanitization mentioned         100%              100%
Validation error handler            100%              100%
Constraint annotations on DTO       100%              100%

92%

Hardening a Spring Boot Document Management Service Before Production Launch

Secret management, rate limiting, safe logging, and file upload security

Criteria                            Without context   With context
DB password externalized            100%              100%
JWT secret externalized             100%              100%
Bucket4j used for rate limiting     100%              100%
429 status returned                 100%              100%
Retry-After header included         100%              100%
No token logged                     100%              100%
No PII logged                       0%                0%
Structured JSON logging configured  100%              100%
File content type validated         100%              100%
File extension validated            100%              100%
Storage outside web root            100%              100%
File size validated                 100%              100%

Repository: haniakrim21/everything-claude-code

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
