بنقرة واحدة
spring-security
Spring Security 6 patterns for authentication, authorization, and OAuth2
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Spring Security 6 patterns for authentication, authorization, and OAuth2
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Core Java patterns, modern Java features (JDK 17+), best practices
Maven and Gradle build tools, dependency management, multi-module projects
JUnit 5 testing patterns with Mockito and AssertJ
Spring Boot 3 patterns for controllers, services, configuration, and validation
Spring Data JPA and Hibernate patterns for entities, repositories, and query performance
Spring Boot testing with @SpringBootTest, MockMvc, and Testcontainers
| name | spring-security |
| description | Spring Security 6 patterns for authentication, authorization, and OAuth2 |
| keywords | ["spring-security","security","authentication","authorization","oauth2","jwt","filter","csrf","method security"] |
| filePatterns | ["*.java","application.yml","application.properties"] |
| frameworks | ["spring-security","spring-boot"] |
| tokenCount | 3000 |
| version | 1.0.0 |
Spring Security 6 patterns for securing APIs. Favor explicit security rules and least privilege.
Read only files relevant to the request. Use the content map to focus.
| File | Description | When to Read |
|---|---|---|
http-security.md | SecurityFilterChain, HttpSecurity | Basic config |
jwt.md | JWT auth, filters | Token-based APIs |
oauth2.md | OAuth2 login/resource server | OAuth flows |
method-security.md | @PreAuthorize, @Secured | Method-level rules |
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers("/actuator/**").permitAll()
.requestMatchers(HttpMethod.POST, "/api/v1/auth/**").permitAll()
.anyRequest().authenticated()
)
.build();
}
public class JwtAuthFilter extends OncePerRequestFilter {
private final JwtService jwtService;
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
String token = resolveToken(request);
if (token != null && jwtService.isValid(token)) {
Authentication auth = jwtService.getAuthentication(token);
SecurityContextHolder.getContext().setAuthentication(auth);
}
filterChain.doFilter(request, response);
}
}
@PreAuthorize("hasRole('ADMIN')")
public void deleteUser(String id) {
userRepository.deleteById(id);
}
| Anti-Pattern | Why Bad | Better Approach |
|---|---|---|
| PermitAll on broad paths | Security holes | Explicit allow list |
| Storing secrets in code | Leaks | Env variables or vault |
| Mixing auth and business logic | Hard to maintain | Dedicated filters/services |
| Need | Skill |
|---|---|
| Core Spring patterns | @[skills/spring-boot-patterns] |
| Testing | @[skills/spring-testing] |