404-frameworks-quarkus-security
This Claude Code skill provides guidance for implementing and reviewing security configurations in Quarkus applications, covering authentication mechanisms (JWT/OIDC, basic auth), authorization with role-based annotations, endpoint protection strategies, and secure error handling. Use it when adding security support to Quarkus APIs, hardening authorization rules, implementing permission checks via SecurityIdentity, or reviewing existing security configurations to ensure compliance with least-privilege design principles and sensitive-data protection practices.
git clone --depth 1 https://github.com/jabrena/cursor-rules-java /tmp/404-frameworks-quarkus-security && cp -r /tmp/404-frameworks-quarkus-security/skills/404-frameworks-quarkus-security ~/.claude/skills/404-frameworks-quarkus-securitySKILL.md
# Quarkus Security Guidelines Apply Quarkus security best practices with secure-by-default API and service boundaries. **What is covered in this Skill?** - Quarkus security configuration for authentication mechanisms - Authorization with @RolesAllowed / @Authenticated / @PermitAll - Endpoint and resource protection strategy - Least-privilege role design - Secure denial/error handling behavior - Sensitive data protection in logs and responses **Scope:** Apply recommendations based on the reference rules and good/bad examples. ## Constraints Before applying security changes, ensure the project compiles. After improvements, run full verification. - **MANDATORY**: Run `./mvnw compile` or `mvn compile` before applying any change - **SAFETY**: If compilation fails, stop immediately - **VERIFY**: Run `./mvnw clean verify` or `mvn clean verify` after applying improvements - **BEFORE APPLYING**: Read the reference for detailed rules and examples ## When to use this skill - Add Quarkus security support - Review Quarkus security configuration - Improve API authorization in Quarkus - Add JWT/OIDC security in Quarkus - Harden Quarkus authorization rules - Implement SecurityIdentity checks in Quarkus services ## Workflow 1. **Read reference and assess project context** Read `references/404-frameworks-quarkus-security.md` and inspect the current project setup before proposing changes. 2. **Gather scope and decide target improvements** Identify requested outcomes, constraints, and the minimum safe set of changes to apply. 3. **Apply framework-aligned changes** Implement or refactor security-related configuration/code following the reference patterns and project conventions. 4. **Run verification and report results** Execute appropriate build/tests and summarize what changed, what was verified, and any follow-up actions. ## Reference For detailed guidance, examples, and constraints, see [references/404-frameworks-quarkus-security.md](references/404-frameworks-quarkus-security.md).
Use when you need to generate a checklist document with Java system prompts, following the embedded template exactly and producing INVENTORY-SKILLS-JAVA.md in the project root. This should trigger for requests such as Create Java system prompts checklist; Generate INVENTORY-SKILLS-JAVA.md; Use @001-skills-inventory. Part of cursor-rules-java project
Use when you need to generate a checklist document with embedded agents inventory, following the embedded template exactly and producing INVENTORY-AGENTS-JAVA.md in the project root. This should trigger for requests such as Create embedded agents inventory checklist; Generate INVENTORY-AGENTS-JAVA.md; Use @002-agents-inventory. Part of cursor-rules-java project
Use when you need to install the embedded robot agents into either .cursor/agents or .claude/agents, selecting the destination interactively and copying the embedded agent definitions from project assets. This should trigger for requests such as Install embedded agents; Bootstrap .cursor/agents; Bootstrap .claude/agents; Copy robot agents. Part of cursor-rules-java project
Guides the creation of agile epics with comprehensive definition including business value, success criteria, and breakdown into user stories. Use when the user wants to create an agile epic, define large bodies of work, break down features into user stories, or document strategic initiatives. This should trigger for requests such as Create an agile epic; Write an epic; I need to create an epic; Define an epic; Epic definition. Part of cursor-rules-java project
Guides the creation of detailed agile feature documentation from an existing epic. Use when the user wants to split an epic into feature files, derive features with scope and acceptance criteria, or plan feature documentation for stakeholders or engineering. This should trigger for requests such as Create features from an epic; Split epic into features; Feature files from epic; Derive features from epic. Part of cursor-rules-java project
Guides the creation of agile user stories and Gherkin feature files. Use when the user wants to create a user story, write acceptance criteria, define Gherkin scenarios, or author BDD feature files. This should trigger for requests such as Create a user story; Write a user story; I need to write a user story. Part of cursor-rules-java project
Use when you need to generate Architecture Decision Records (ADRs) for a Java project through an interactive, conversational process that systematically gathers context, stakeholders, options, and outcomes to produce well-structured ADR documents. This should trigger for requests such as Generate ADR; Create Architecture Decision Record; Document architecture decision; Architecture Decision Record for Java. Part of cursor-rules-java project
Facilitates conversational discovery to create Architectural Decision Records (ADRs) for functional requirements covering CLI, REST/HTTP APIs, or both. Use when the user wants to document command-line or HTTP service architecture, capture functional requirements, create ADRs for CLI or API projects, or design interfaces with documented decisions. This should trigger for requests such as Create ADR for functional requirements; Document functional requirements; Capture functional requirements; Generate functional requirements in an ADR. Part of cursor-rules-java project