lazygophers/java-spring
plugins/languages/java/skills/spring/SKILL.md
Spring Boot 3.4+ 开发规范 — Virtual Threads 集成、Record `@ConfigurationProperties`、构造函数注入、`@Transactional` 边界、关闭 OSIV、Spring Security 6 lambda DSL、Micrometer + OpenTelemetry 可观测性、Spring Data JPA / Hibernate 6、Flyway 迁移、GraalVM Native Image。当用户开发 Spring REST API、微服务、Web 应用,或讨论 "Spring Boot"、"REST"、"JPA"、"Spring Security"、"@Transactional"、"Actuator"、"Native Image" 时加载。
$ install --global
skillsauthnpx skillsauth add lazygophers/ccplugin java-springInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 17, 2026, 6:40 AM160.3s1 file scanned
SKILL.md
- name:
- java-spring
- description:
- Spring Boot 3.4+ 开发规范 — Virtual Threads 集成、Record `@ConfigurationProperties`、构造函数注入、`@Transactional` 边界、关闭 OSIV、Spring Security 6 lambda DSL、Micrometer + OpenTelemetry 可观测性、Spring Data JPA / Hibernate 6、Flyway 迁移、GraalVM Native Image。当用户开发 Spring REST API、微服务、Web 应用,或讨论 "Spring Boot"、"REST"、"JPA"、"Spring Security"、"@Transactional"、"Actuator"、"Native Image" 时加载。
- model:
- sonnet
Spring Boot 开发规范
基线:Spring Boot 3.4+ (Java 21 LTS 最低,Java 25 LTS 推荐)。
Spring Boot 4.0 计划 2025-11 GA,Java 25 基线、Jakarta EE 11、Hibernate 7。若项目未升级 4.0,按 3.4 规范执行;升级时跑
spring-boot-properties-migrator。
硬约束
- 构造函数注入,禁
@Autowired字段注入 @Transactional标在 Service 层;读操作显式readOnly = true- 关闭 OSIV:
spring.jpa.open-in-view: false - 生产禁
ddl-auto: update;用 Flyway/Liquibase - 配置属性用 Record +
@ConfigurationProperties - 启用 Virtual Threads:
spring.threads.virtual.enabled: true - REST 错误响应用 ProblemDetail (见 java-error)
- Hibernate batch_size 配置,避免 N+1
- Actuator + Micrometer + OpenTelemetry 全链路可观测
- Spring Security 6 lambda DSL,禁旧
antMatchers
入口与配置
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
@ConfigurationProperties(prefix = "app")
public record AppConfig(
String name,
int maxConnections,
Duration timeout,
SecurityConfig security
) {
public record SecurityConfig(String jwtSecret, Duration tokenExpiry) {}
}
@EnableConfigurationProperties(AppConfig.class)
@Configuration
class AppConfiguration {}
# application.yml
spring:
threads:
virtual:
enabled: true
mvc:
problemdetails:
enabled: true
jpa:
open-in-view: false
hibernate:
ddl-auto: validate
properties:
hibernate:
default_batch_fetch_size: 100
jdbc.batch_size: 50
order_inserts: true
order_updates: true
datasource:
hikari:
maximum-pool-size: 10
minimum-idle: 5
management:
endpoints.web.exposure.include: health,info,metrics,prometheus
observations.annotations.enabled: true
tracing.sampling.probability: 1.0
分层模板
Controller (薄)
@RestController
@RequestMapping("/api/v1/users")
public class UserController {
private final UserService userService;
public UserController(UserService userService) { this.userService = userService; }
@GetMapping("/{id}")
public ResponseEntity<UserResponse> get(@PathVariable Long id) {
return userService.findById(id)
.map(ResponseEntity::ok)
.orElseThrow(() -> new AppRuntimeException(
new ResourceNotFoundException("User", id.toString())));
}
@PostMapping
public ResponseEntity<UserResponse> create(@Valid @RequestBody CreateUserRequest req) {
UserResponse u = userService.create(req);
return ResponseEntity.created(URI.create("/api/v1/users/" + u.id())).body(u);
}
@GetMapping
public Page<UserResponse> list(@RequestParam(defaultValue = "0") int page,
@RequestParam(defaultValue = "20") int size) {
return userService.findAll(PageRequest.of(page, size));
}
}
Service (事务 + 业务)
@Service
public class UserService {
private static final Logger log = LoggerFactory.getLogger(UserService.class);
private final UserRepository repo;
public UserService(UserRepository repo) { this.repo = repo; }
@Transactional
public UserResponse create(CreateUserRequest req) {
if (repo.existsByEmail(req.email())) {
throw new AppRuntimeException(new DuplicateResourceException("email", req.email()));
}
User saved = repo.save(new User(req.email(), req.name()));
log.info("User created: id={}", saved.getId());
return UserResponse.from(saved);
}
@Transactional(readOnly = true)
public Optional<UserResponse> findById(Long id) {
return repo.findById(id).map(UserResponse::from);
}
@Transactional(readOnly = true)
public Page<UserResponse> findAll(Pageable p) {
return repo.findAll(p).map(UserResponse::from);
}
}
Repository
@Repository
public interface UserRepository extends JpaRepository<User, Long> {
Optional<User> findByEmail(String email);
boolean existsByEmail(String email);
@Query("SELECT u FROM User u JOIN FETCH u.orders WHERE u.id IN :ids")
List<User> findAllWithOrders(@Param("ids") List<Long> ids);
}
Spring Security 6
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http
.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/v1/auth/**", "/actuator/health").permitAll()
.anyRequest().authenticated())
.oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()))
.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.build();
}
}
可观测 (Micrometer + OpenTelemetry)
@Service
public class UserService {
private final Counter usersCreated;
public UserService(MeterRegistry registry) {
this.usersCreated = Counter.builder("users.created")
.description("Users created").register(registry);
}
@Observed(name = "user.create", contextualName = "create-user")
@Transactional
public UserResponse create(CreateUserRequest req) {
// ...
usersCreated.increment();
return UserResponse.from(saved);
}
}
依赖:spring-boot-starter-actuator、micrometer-registry-prometheus、micrometer-tracing-bridge-otel、opentelemetry-exporter-otlp。
Flyway 迁移
-- V1__create_users_table.sql
CREATE TABLE users (
id BIGSERIAL PRIMARY KEY,
email VARCHAR(255) NOT NULL UNIQUE,
name VARCHAR(100) NOT NULL,
active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_users_email ON users(email);
GraalVM Native Image
plugins {
id 'org.springframework.boot' version '3.4.0'
id 'io.spring.dependency-management' version '1.1.6'
id 'org.graalvm.buildtools.native' version '0.10.3'
}
./gradlew nativeCompile
./build/native/nativeCompile/my-app
Red Flags
| AI 易犯解释 | 实际应核验 |
|---------|---------|
| "@Autowired 字段注入快" | 是否构造函数注入? |
| "OSIV 默认开" | 是否 open-in-view: false? |
| "ddl-auto=update 方便" | 生产是否 Flyway? |
| "Spring Boot 2.x 还能用" | 是否 3.4+ (或 4.0)? |
| "antMatchers 改不动" | 是否升级 requestMatchers? |
| "不需要 tracing" | 是否接 Micrometer + OTel? |
| "JPA 默认就行" | 是否配置 batch_size 防 N+1? |
检查清单
- [ ] Spring Boot 3.4+ (或 4.0)
- [ ] Java 21+ (推荐 25)
- [ ]
spring.threads.virtual.enabled=true - [ ] 构造函数注入 (无
@Autowired字段) - [ ]
@Transactional在 Service;只读用readOnly=true - [ ]
spring.jpa.open-in-view=false - [ ]
@ConfigurationProperties+ Record - [ ] ProblemDetail 启用
- [ ] Spring Security 6 lambda DSL
- [ ] Actuator + Micrometer + OTel
- [ ] Flyway/Liquibase 数据库迁移
- [ ] Hibernate
batch_size+default_batch_fetch_size - [ ] OpenAPI 3.1 (springdoc-openapi)
- [ ] Native Image 评估
参考
- Spring Boot 文档: https://docs.spring.io/spring-boot/index.html
- Spring Framework: https://docs.spring.io/spring-framework/reference/
- Spring Security: https://docs.spring.io/spring-security/reference/
- Micrometer Tracing: https://docs.micrometer.io/tracing/reference/
- Hibernate 6 用户指南: https://docs.jboss.org/hibernate/orm/6.6/userguide/html_single/Hibernate_User_Guide.html
Related Skills
lazygophers/golang-db
development
VerifiedTrustedCommunity
Go 数据库规范——GORM Model 命名 ModelXxx、表名单数、枚举 uint8 + 常量、索引 idx_ 前缀 + deleted_at leading column、禁 time.Time 统一 int64 unix、禁指针/nullable 字段、TEXT/BLOB/JSON 禁 default、AutoMigrate 禁改主键。设计 DB model、写 GORM tag、建索引、做 migration 审查时触发。
4SKILL.mdUpdated Jun 5, 2026
lazygophers/golang-api
development
VerifiedTrustedCommunity
Go HTTP API 规范——响应始终 200 + body code 字段、路由 /api/* 全 POST 单段 <Action><Model>、中间件逐路由注册禁 Group(prefix,mw...)、handler 仅返回 (rsp,error)、认证走 header。设计 HTTP API、写路由/handler/中间件时触发。
4SKILL.mdUpdated Jun 5, 2026
lazygophers/golang-structure
development
VerifiedTrustedCommunity
Go 项目结构规范——三层架构(API → Impl → State)、全局状态模式、internal/ 私有包、cmd/ 仅 main.go、go.work 多模块、禁止 Repository 接口和 DI 容器、struct 公共字段开头全 omitempty、handler var rsp 顶声明、禁 legacy migration。设计项目骨架、新建目录、组织包、做架构评审时触发。
4SKILL.mdUpdated Apr 24, 2026
lazygophers/golang-naming
development
VerifiedTrustedCommunity
Go 命名规范——Id/Uid 字段(非 ID)、IsActive/HasMFA 布尔前缀、CreatedAt 时间字段、接收者统一用 p、包名全小写无下划线、泛型类型参数描述性命名、集合字段 xxx_list 禁 xxxs 复数、Enum 0 值 XxxNil 禁 Unknown、禁 Status 统一 State、Set/Update 语义区分。定义结构体字段、函数、变量、包、接收者名、泛型、枚举时触发。
4SKILL.mdUpdated Apr 24, 2026