
304-frameworks-spring-boot-security

Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of cursor-rules-java project

66

Quality

78%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/304-frameworks-spring-boot-security/SKILL.md

Quality

Content

57%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill functions primarily as a routing document to a reference file, with reasonable structure and clear build verification commands. Its main weakness is the lack of any concrete code examples or specific security patterns in the SKILL.md itself — nearly all actionable content is deferred to the reference. The workflow steps are present but too abstract to guide Claude through specific security implementation tasks.

Suggestions

Add at least one concrete, executable SecurityFilterChain configuration example directly in the SKILL.md to make it actionable without requiring the reference file for basic tasks.

Add an explicit feedback loop in the workflow for when `./mvnw clean verify` fails after applying changes (e.g., 'If verification fails: review test output, fix issues, re-run verify before proceeding').

Consolidate or remove the 'What is covered' and 'When to use this skill' sections — they overlap significantly and could be merged into a single concise list.

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The 'What is covered' bullet list and 'When to use this skill' section are somewhat redundant with each other and with the description. The 'Scope' line adds little. However, it's not excessively verbose — it doesn't explain what Spring Security is or how it works. | 2 / 3 |
| Actionability | The skill provides concrete build commands (./mvnw compile, ./mvnw clean verify) but lacks any executable code examples for security configuration. All actual guidance is deferred to the reference file, making the SKILL.md itself more of a pointer than actionable instruction. | 2 / 3 |
| Workflow Clarity | The workflow has four clear steps with a logical sequence, and the constraints section includes validation checkpoints (compile before, verify after). However, the workflow steps are vague ('Apply framework-aligned changes') and lack explicit error recovery/feedback loops — e.g., what to do if verification fails after applying changes. | 2 / 3 |
| Progressive Disclosure | The skill is well-structured as an overview that clearly points to a single reference file for detailed rules and examples. The reference path is explicit and one level deep. For a skill of this size and scope, the organization is appropriate. | 3 / 3 |
| Total | | 9 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines its scope (Spring Boot security), lists comprehensive concrete capabilities, and provides explicit trigger guidance with example phrases. It uses proper third-person voice and is distinctive enough to avoid conflicts with related but different skills. The only minor note is that it's somewhat verbose, but the detail serves the purpose of disambiguation well.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description lists multiple specific concrete actions and technologies: SecurityFilterChain, OAuth2/JWT resource server patterns, form login, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. | 3 / 3 |
| Completeness | Clearly answers both 'what' (design, review, or improve security covering a comprehensive list of security topics) and 'when' (opens with 'Use when' and provides explicit trigger examples like 'Add Spring Boot security support', 'Harden Spring Boot security headers'). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'Spring Boot security', 'JWT', 'OAuth2', 'CSRF', 'CORS', 'security headers', 'authorization', 'resource server'. The explicit trigger examples ('Add Spring Boot security support', 'Review Spring Boot security configuration') further reinforce natural user language. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive — narrowly scoped to Spring Boot security specifically, with domain-specific triggers like SecurityFilterChain, @PreAuthorize, OAuth2/JWT resource server patterns. Unlikely to conflict with general Java, general security, or other framework skills. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
jabrena/cursor-rules-java
Reviewed
