304-frameworks-spring-boot-security

Solid

Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of cursor-rules-java project

AI & Automation 393 stars 78 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 92/100

Stars 20%
86
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Spring Boot Security Guidelines Apply Spring Boot security best practices with secure-by-default API boundaries. **What is covered in this Skill?** - Spring Security configuration and SecurityFilterChain setup - Authentication and authorization policies for endpoints - Method-level security (@PreAuthorize / @Secured) - Principle of least privilege for roles and scopes - Secure error handling and denial responses - Sensitive data handling in logs and responses **Scope:** Apply recommendations based on the reference rules and good/bad examples. ## Constraints Before applying security changes, ensure the project compiles. After improvements, run full verification. - **MANDATORY**: Run `./mvnw compile` or `mvn compile` before applying any change - **SAFETY**: If compilation fails, stop immediately - **VERIFY**: Run `./mvnw clean verify` or `mvn clean verify` after applying improvements - **BEFORE APPLYING**: Read the reference for detailed rules and examples ## When to use this skill - Add Spring Boot security support - Review Spring Boot security configuration - Improve API authorization in Spring Boot - Add JWT resource server security in Spring Boot - Harden Spring Boot security headers and CSRF settings - Implement method security with @PreAuthorize in Spring Boot ## Workflow 1. **Read reference and assess project context** Read `references/304-frameworks-spring-boot-security.md` and inspect the current project setup before proposing changes. 2. **Gather scope ...

Details

Author
jabrena
Repository
jabrena/cursor-rules-java
Created
1 years ago
Last Updated
today
Language
Java
License
Apache-2.0

Integrates with

Spring · Backend OAuth · Auth Model Context Protocol · AI

Similar Skills

Semantically similar based on skill content — not just same category

API & Backend Listed

spring-security

Spring Boot security review — Spring Security config (SecurityFilterChain), OAuth2/OIDC client and resource-server, method-level @PreAuthorize, JWT validation, actuator endpoint lockdown, CSRF model for web vs API, and recent Spring CVE patterns (Spring4Shell, SpEL injection, authorization bypasses).

4 Updated 1 weeks ago
roodlicht
AI & Automation Solid

301-frameworks-spring-boot-core

Use when you need to review, improve, or build Spring Boot 4.0.x applications — including proper usage of @SpringBootApplication, component annotations (@Controller, @Service, @Repository), bean definition and scoping, configuration classes and @ConfigurationProperties (with @Validated), component scanning, conditional configuration and profiles, constructor injection, @Primary and @Qualifier for multiple beans of the same type, bean minimization, graceful shutdown, virtual threads, Jakarta EE namespace consistency, and scheduled tasks. This should trigger for requests such as Review Java code for Spring Boot application; Apply best practices for Spring Boot application in Java code. Part of cursor-rules-java project

393 Updated today
jabrena
AI & Automation Solid

303-frameworks-spring-boot-validation

Use when you need to design, review, or improve validation in Spring Boot applications — including Bean Validation on request DTOs, @Valid/@Validated at API boundaries, constraint groups, custom constraints, @ConfigurationProperties validation, nested DTO validation, and consistent validation error handling. This should trigger for requests such as Add validation support in Spring Boot; Review Spring Boot validation rules; Improve request validation in Spring Boot REST APIs; Add custom Bean Validation constraints in Spring Boot; Validate configuration properties in Spring Boot. Part of cursor-rules-java project

393 Updated today
jabrena
API & Backend Listed

java-security

Reviews or implements Spring Security configuration — JWT authentication, OAuth2, method-level security, CORS, and CSRF. Use when user asks to "add authentication", "secure this API", "implement JWT", "configure Spring Security", "add OAuth2 login", "protect endpoints", or "review security config".

0 Updated today
limited-grisaille833
AI & Automation Solid

302-frameworks-spring-boot-rest

Use when you need to design, review, or improve REST APIs with Spring Boot — including HTTP methods, resource URIs, status codes, DTOs, versioning, deprecation and sunset headers, content negotiation (JSON and vendor media types), ISO-8601 instants in DTOs, pagination/sorting/filtering, Bean Validation at the boundary, idempotency, ETag concurrency, HTTP caching, error handling, security, contract-first OpenAPI (OpenAPI Generator), controller advice, and problem details for errors. This should trigger for requests such as Review Java code for Spring Boot REST API; Apply best practices for Spring Boot REST API in Java code. Part of cursor-rules-java project

393 Updated today
jabrena