spring-security-configurator-auditor

Design and audit Spring Security configurations for Kotlin plus Spring services, including filter chains, JWT or OAuth2 resource server setup, method security, CORS, CSRF rationale, and public endpoint exposure. Use when adding or reviewing authentication and authorization, narrowing access rules, validating token handling, or checking for insecure defaults and accidental exposure.

Best for Spring Boot servicesWorks with GitHubLow risk

#spring-security #kotlin #authentication #authorization #filter-chains #jwt #oauth2

⌘source

author: @JetBrains
repo: JetBrains/skills
language: Python

✦overview.md

Key Features

·Design secure filter chains
·Audit JWT and OAuth2 setup
·Review CORS and CSRF
·Enforce least privilege
·Validates token handling

Use Cases

→Adding authentication to a new Spring service
→Reviewing existing security config for vulnerabilities
→Configuring OAuth2 resource server with JWT
→Auditing public endpoint exposure

Best for

✓Spring Boot services
✓Kotlin backend teams
✓security review

Not ideal for

!Non-Spring frameworks
!frontend security

FAQs

spring-security-configurator-auditor/SKILL.md

name

spring-security-configurator-auditor

description

metadata:{"short-description":"Build and audit secure filter chains","author":"Kotlin","source":"https://github.com/Kotlin/kotlin-backend-agent-skills/tree/main/.agents/skills/spring-security-configurator-auditor"}

Spring Security Configurator Auditor

Source mapping: Tier 2 high-value skill derived from Kotlin_Spring_Developer_Pipeline.md (SK-13).

Mission

Produce a security model that is explicit, minimal, and testable. Optimize for least privilege and correct failure semantics, not for shortest config.

Read First

Current SecurityFilterChain or chains.
Endpoint inventory, including actuator, docs, and internal admin routes.
Authentication model: session, JWT, OAuth2 resource server, API keys, mTLS, or mixed.
Authorization model: roles, scopes, claims, method security, tenant boundaries.
CORS, CSRF, and security-related tests.

Design Sequence

Define who the clients are: browser, internal service, public API consumer, job, or operator.
Define authentication mechanism and token trust boundaries.
Enumerate public endpoints explicitly.
Define authorization at URL and method level.
Define 401 and 403 behavior.
Add tests for the critical allowed and denied paths.

Core Security Rules

Prefer explicit allowlists for public endpoints.
Validate JWT issuer, audience, expiration, signature, and clock-skew assumptions deliberately.

...

$install

1-click copy

npx skills add JetBrains/skills --skill spring-security-configurator-auditor

Safety assessment

★

Clarity score

How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.

3/ 5

good

Mostly clear, but there are still a few confusing or poorly structured parts.

◎

Actionability score

How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.

3/ 5

medium

Partially actionable with several concrete steps, but still missing important details.

~community cookbook

~you might also like

view all →

solana-dev

★263

code-review#solana

[✓]from @aiskillstore

[✓]

Use when user asks to "build a Solana dapp", "write an Anchor program", "create a token", "debug Solana errors", "set...

April 30, 2026

◧ Compare

resume

★57

debugging#bug bounty

[✓]from @H-mmer

[✓]

Resume a previous hunt. Shows hunt history, untested endpoints, memory-informed suggestions. Usage: /resume target.com

April 30, 2026

◧ Compare

fullscan

★57

security#security

[✓]from @H-mmer

[✓]

Full security assessment with brain coordination.

⚠ high risk

April 30, 2026

◧ Compare

correlate

★57

security#security

[✓]from @H-mmer

[✓]

Run the finding correlation engine to discover attack chains from individual findings.

April 30, 2026

◧ Compare

submit

★57

security#bug bounty

[✓]from @H-mmer

[✓]

Draft and submit a vulnerability report to the bug bounty platform.

April 30, 2026

◧ Compare

autopilot

★57

security#bug bounty

[✓]from @H-mmer

[✓]

Autonomous hunt orchestrator — dispatches subagents for recon, ranking, hunting, validation, browser verification, ad...

⚠ high risk

April 30, 2026

◧ Compare

spring-security-configurator-auditor

Best for Spring Boot servicesWorks with GitHubLow risk

Spring Security Configurator Auditor

Source mapping: Tier 2 high-value skill derived from Kotlin_Spring_Developer_Pipeline.md (SK-13).

Mission

Produce a security model that is explicit, minimal, and testable. Optimize for least privilege and correct failure semantics, not for shortest config.

Read First

Current SecurityFilterChain or chains.

Endpoint inventory, including actuator, docs, and internal admin routes.

Authentication model: session, JWT, OAuth2 resource server, API keys, mTLS, or mixed.

Authorization model: roles, scopes, claims, method security, tenant boundaries.

CORS, CSRF, and security-related tests.

Design Sequence

Define who the clients are: browser, internal service, public API consumer, job, or operator.

Define authentication mechanism and token trust boundaries.

Enumerate public endpoints explicitly.

Define authorization at URL and method level.

Define 401 and 403 behavior.

Add tests for the critical allowed and denied paths.

Core Security Rules

Prefer explicit allowlists for public endpoints.

Validate JWT issuer, audience, expiration, signature, and clock-skew assumptions deliberately.

spring-security-configurator-auditor

Key Features

Use Cases

Best for

Not ideal for

FAQs

Does this skill cover session-based auth?

Can it generate full YAML config?

Spring Security Configurator Auditor

Mission

Read First

Design Sequence

Core Security Rules

Safety assessment

Clarity score

Actionability score

~community cookbook

~you might also like

solana-dev

resume

fullscan

correlate

submit

autopilot

AI Skill Finder

spring-security-configurator-auditor

Key Features

Use Cases

Best for

Not ideal for

FAQs

Does this skill cover session-based auth?

Can it generate full YAML config?

Spring Security Configurator Auditor

Mission

Read First

Design Sequence

Core Security Rules

Safety assessment

Clarity score

Actionability score

~community cookbook

~you might also like

solana-dev

resume

fullscan

correlate

submit

autopilot