ワンクリックで
spring-security
Spring Security 6 patterns for authentication, authorization, and OAuth2
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Spring Security 6 patterns for authentication, authorization, and OAuth2
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Core Java patterns, modern Java features (JDK 17+), best practices
Maven and Gradle build tools, dependency management, multi-module projects
JUnit 5 testing patterns with Mockito and AssertJ
Spring Boot 3 patterns for controllers, services, configuration, and validation
Spring Data JPA and Hibernate patterns for entities, repositories, and query performance
Spring Boot testing with @SpringBootTest, MockMvc, and Testcontainers
| name | spring-security |
| description | Spring Security 6 patterns for authentication, authorization, and OAuth2 |
| keywords | ["spring-security","security","authentication","authorization","oauth2","jwt","filter","csrf","method security"] |
| filePatterns | ["*.java","application.yml","application.properties"] |
| frameworks | ["spring-security","spring-boot"] |
| tokenCount | 3000 |
| version | 1.0.0 |
Spring Security 6 patterns for securing APIs. Favor explicit security rules and least privilege.
Read only files relevant to the request. Use the content map to focus.
| File | Description | When to Read |
|---|---|---|
http-security.md | SecurityFilterChain, HttpSecurity | Basic config |
jwt.md | JWT auth, filters | Token-based APIs |
oauth2.md | OAuth2 login/resource server | OAuth flows |
method-security.md | @PreAuthorize, @Secured | Method-level rules |
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers("/actuator/**").permitAll()
.requestMatchers(HttpMethod.POST, "/api/v1/auth/**").permitAll()
.anyRequest().authenticated()
)
.build();
}
public class JwtAuthFilter extends OncePerRequestFilter {
private final JwtService jwtService;
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
String token = resolveToken(request);
if (token != null && jwtService.isValid(token)) {
Authentication auth = jwtService.getAuthentication(token);
SecurityContextHolder.getContext().setAuthentication(auth);
}
filterChain.doFilter(request, response);
}
}
@PreAuthorize("hasRole('ADMIN')")
public void deleteUser(String id) {
userRepository.deleteById(id);
}
| Anti-Pattern | Why Bad | Better Approach |
|---|---|---|
| PermitAll on broad paths | Security holes | Explicit allow list |
| Storing secrets in code | Leaks | Env variables or vault |
| Mixing auth and business logic | Hard to maintain | Dedicated filters/services |
| Need | Skill |
|---|---|
| Core Spring patterns | @[skills/spring-boot-patterns] |
| Testing | @[skills/spring-testing] |