spring-boot-security | spring-boot | ClaudePluginHub

Skill

Community

spring-boot-security

From spring-boot

1

Description

Spring Security 7 implementation for Spring Boot 4. Use when configuring authentication, authorization, OAuth2/JWT resource servers, method security, or CORS/CSRF. Covers the mandatory Lambda DSL migration, SecurityFilterChain patterns, @PreAuthorize, and password encoding. For testing secured endpoints, see spring-boot-testing skill.

Install

1

Add the repository(one-time)

$

/plugin marketplace add joaquimscosta/arkhe-claude-plugins

2

Install the plugin

$

/plugin install spring-boot@arkhe-claude-plugins

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

View in Repository

EXAMPLES.md

TROUBLESHOOTING.md

references/authentication.md

references/jwt-oauth2.md

references/security-config.md

Skill Content

Spring Security 7 for Spring Boot 4

Implements authentication and authorization with Spring Security 7's mandatory Lambda DSL.

Critical Breaking Changes

Removed API	Replacement	Status
`and()` method	Lambda DSL closures	Required
`authorizeRequests()`	`authorizeHttpRequests()`	Required
`antMatchers()`	`requestMatchers()`	Required
`WebSecurityConfigurerAdapter`	`SecurityFilterChain` bean	Required
`@EnableGlobalMethodSecurity`	`@EnableMethodSecurity`	Required

Core Workflow

Create SecurityFilterChain bean → Configure with Lambda DSL
Define authorization rules → authorizeHttpRequests() with requestMatchers()
Configure authentication → Form login, HTTP Basic, or OAuth2
Add method security → @EnableMethodSecurity + @PreAuthorize
Handle CORS/CSRF → Configure for REST APIs

Quick Patterns

See EXAMPLES.md for complete working examples including:

REST API Security with JWT/OAuth2 (Java + Kotlin)
Form Login with Session Security and CSRF
Method Security with @PreAuthorize and SpEL
CORS Configuration for cross-origin APIs
Password Encoder (Argon2 for Security 7)

Spring Boot 4 Specifics

Lambda DSL is mandatory (no and() chaining)
Argon2 password encoder: Argon2PasswordEncoder.defaultsForSpring7()
CSRF for SPAs: CookieCsrfTokenRepository.withHttpOnlyFalse()
@EnableMethodSecurity replaces @EnableGlobalMethodSecurity

Detailed References

Examples: See EXAMPLES.md for complete working code examples
Troubleshooting: See TROUBLESHOOTING.md for common issues and Boot 4 migration
Security Configuration: See references/security-config.md for complete SecurityFilterChain patterns
Authentication: See references/authentication.md for UserDetailsService, password encoding
JWT/OAuth2: See references/jwt-oauth2.md for resource server, token validation

Anti-Pattern Checklist

Anti-Pattern	Fix
Using `and()` chaining	Use Lambda DSL closures
`antMatchers()`	Replace with `requestMatchers()`
`authorizeRequests()`	Replace with `authorizeHttpRequests()`
CSRF disabled without JWT	Keep CSRF for session-based auth
Hardcoded credentials	Use environment variables or Secret Manager
`permitAll()` on sensitive endpoints	Audit all permit rules
Missing `authenticated()` default	End with `.anyRequest().authenticated()`

Critical Reminders

Lambda DSL is mandatory — No more and() chaining in Security 7
Order matters — More specific requestMatchers before general ones
CSRF for sessions — Only disable for stateless JWT APIs
Method security needs enabling — Add @EnableMethodSecurity
Test your security — Use @WithMockUser and JWT test support (see spring-boot-testing)

Links

GitHub Stats

0 forks

Similar Skills

claude-opus-4-5-migration

Migrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5. Use when the user wants to update their codebase, prompts, or API calls to use Opus 4.5. Handles model string updates and prompt adjustments for known Opus 4.5 behavioral differences. Does NOT migrate Haiku 4.5.

claude-opus-4-5-migration

47.1k

frontend-design

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

frontend-design

47.1k

Writing Hookify Rules

This skill should be used when the user asks to "create a hookify rule", "write a hook rule", "configure hookify", "add a hookify rule", or needs guidance on hookify rule syntax and patterns.

47.1k