DiscordSign up
SKILLS.SH

springboot-patterns

Spring Boot patterns for REST APIs, layered services, data access, caching, and async processing. Covers controller, service, and repository layers with Spring MVC/WebFlux, Spring Data JPA queries, and transactional boundaries Includes DTOs with validation, centralized exception handling via @ControllerAdvice , and RFC 7807 error responses Provides caching strategies with @Cacheable and @CacheEvict , async processing with @Async , and structured logging via SLF4J Demonstrates request filtering, pagination, sorting, retry logic, and rate limiting with security considerations for forwarded headers Covers background jobs, observability (Micrometer, OpenTelemetry), and production defaults like constructor injection and connection pooling

INSTALLATION
npx skills add https://github.com/affaan-m/everything-claude-code --skill springboot-patterns
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Spring Boot Development Patterns

Spring Boot architecture and API patterns for scalable, production-grade services.

When to Activate

  • Building REST APIs with Spring MVC or WebFlux
  • Structuring controller → service → repository layers
  • Configuring Spring Data JPA, caching, or async processing
  • Adding validation, exception handling, or pagination
  • Setting up profiles for dev/staging/production environments
  • Implementing event-driven patterns with Spring Events or Kafka

REST API Structure

@RestController

@RequestMapping("/api/markets")

@Validated

class MarketController {

  private final MarketService marketService;

  MarketController(MarketService marketService) {

    this.marketService = marketService;

  }

  @GetMapping

  ResponseEntity<Page<MarketResponse>> list(

      @RequestParam(defaultValue = "0") int page,

      @RequestParam(defaultValue = "20") int size) {

    Page<Market> markets = marketService.list(PageRequest.of(page, size));

    return ResponseEntity.ok(markets.map(MarketResponse::from));

  }

  @PostMapping

  ResponseEntity<MarketResponse> create(@Valid @RequestBody CreateMarketRequest request) {

    Market market = marketService.create(request);

    return ResponseEntity.status(HttpStatus.CREATED).body(MarketResponse.from(market));

  }

}

Repository Pattern (Spring Data JPA)

public interface MarketRepository extends JpaRepository<MarketEntity, Long> {

  @Query("select m from MarketEntity m where m.status = :status order by m.volume desc")

  List<MarketEntity> findActive(@Param("status") MarketStatus status, Pageable pageable);

}

Service Layer with Transactions

@Service

public class MarketService {

  private final MarketRepository repo;

  public MarketService(MarketRepository repo) {

    this.repo = repo;

  }

  @Transactional

  public Market create(CreateMarketRequest request) {

    MarketEntity entity = MarketEntity.from(request);

    MarketEntity saved = repo.save(entity);

    return Market.from(saved);

  }

}

DTOs and Validation

public record CreateMarketRequest(

    @NotBlank @Size(max = 200) String name,

    @NotBlank @Size(max = 2000) String description,

    @NotNull @FutureOrPresent Instant endDate,

    @NotEmpty List<@NotBlank String> categories) {}

public record MarketResponse(Long id, String name, MarketStatus status) {

  static MarketResponse from(Market market) {

    return new MarketResponse(market.id(), market.name(), market.status());

  }

}

Exception Handling

@ControllerAdvice

class GlobalExceptionHandler {

  @ExceptionHandler(MethodArgumentNotValidException.class)

  ResponseEntity<ApiError> handleValidation(MethodArgumentNotValidException ex) {

    String message = ex.getBindingResult().getFieldErrors().stream()

        .map(e -> e.getField() + ": " + e.getDefaultMessage())

        .collect(Collectors.joining(", "));

    return ResponseEntity.badRequest().body(ApiError.validation(message));

  }

  @ExceptionHandler(AccessDeniedException.class)

  ResponseEntity<ApiError> handleAccessDenied() {

    return ResponseEntity.status(HttpStatus.FORBIDDEN).body(ApiError.of("Forbidden"));

  }

  @ExceptionHandler(Exception.class)

  ResponseEntity<ApiError> handleGeneric(Exception ex) {

    // Log unexpected errors with stack traces

    return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)

        .body(ApiError.of("Internal server error"));

  }

}

Caching

Requires @EnableCaching on a configuration class.

@Service

public class MarketCacheService {

  private final MarketRepository repo;

  public MarketCacheService(MarketRepository repo) {

    this.repo = repo;

  }

  @Cacheable(value = "market", key = "#id")

  public Market getById(Long id) {

    return repo.findById(id)

        .map(Market::from)

        .orElseThrow(() -> new EntityNotFoundException("Market not found"));

  }

  @CacheEvict(value = "market", key = "#id")

  public void evict(Long id) {}

}

Async Processing

Requires @EnableAsync on a configuration class.

@Service

public class NotificationService {

  @Async

  public CompletableFuture<Void> sendAsync(Notification notification) {

    // send email/SMS

    return CompletableFuture.completedFuture(null);

  }

}

Logging (SLF4J)

@Service

public class ReportService {

  private static final Logger log = LoggerFactory.getLogger(ReportService.class);

  public Report generate(Long marketId) {

    log.info("generate_report marketId={}", marketId);

    try {

      // logic

    } catch (Exception ex) {

      log.error("generate_report_failed marketId={}", marketId, ex);

      throw ex;

    }

    return new Report();

  }

}

Middleware / Filters

@Component

public class RequestLoggingFilter extends OncePerRequestFilter {

  private static final Logger log = LoggerFactory.getLogger(RequestLoggingFilter.class);

  @Override

  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,

      FilterChain filterChain) throws ServletException, IOException {

    long start = System.currentTimeMillis();

    try {

      filterChain.doFilter(request, response);

    } finally {

      long duration = System.currentTimeMillis() - start;

      log.info("req method={} uri={} status={} durationMs={}",

          request.getMethod(), request.getRequestURI(), response.getStatus(), duration);

    }

  }

}

Pagination and Sorting

PageRequest page = PageRequest.of(pageNumber, pageSize, Sort.by("createdAt").descending());

Page<Market> results = marketService.list(page);

Error-Resilient External Calls

public <T> T withRetry(Supplier<T> supplier, int maxRetries) {

  int attempts = 0;

  while (true) {

    try {

      return supplier.get();

    } catch (Exception ex) {

      attempts++;

      if (attempts >= maxRetries) {

        throw ex;

      }

      try {

        Thread.sleep((long) Math.pow(2, attempts) * 100L);

      } catch (InterruptedException ie) {

        Thread.currentThread().interrupt();

        throw ex;

      }

    }

  }

}

Rate Limiting (Filter + Bucket4j)

Security Note: The X-Forwarded-For header is untrusted by default because clients can spoof it.

Only use forwarded headers when:

  • Your app is behind a trusted reverse proxy (nginx, AWS ALB, etc.)
  • You have registered ForwardedHeaderFilter as a bean
  • You have configured server.forward-headers-strategy=NATIVE or FRAMEWORK in application properties
  • Your proxy is configured to overwrite (not append to) the X-Forwarded-For header

When ForwardedHeaderFilter is properly configured, request.getRemoteAddr() will automatically

return the correct client IP from the forwarded headers. Without this configuration, use

request.getRemoteAddr() directly—it returns the immediate connection IP, which is the only

trustworthy value.

@Component

public class RateLimitFilter extends OncePerRequestFilter {

  private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

  /*

   * SECURITY: This filter uses request.getRemoteAddr() to identify clients for rate limiting.

   *

   * If your application is behind a reverse proxy (nginx, AWS ALB, etc.), you MUST configure

   * Spring to handle forwarded headers properly for accurate client IP detection:

   *

   * 1. Set server.forward-headers-strategy=NATIVE (for cloud platforms) or FRAMEWORK in

   *    application.properties/yaml

   * 2. If using FRAMEWORK strategy, register ForwardedHeaderFilter:

   *

   *    @Bean

   *    ForwardedHeaderFilter forwardedHeaderFilter() {

   *        return new ForwardedHeaderFilter();

   *    }

   *

   * 3. Ensure your proxy overwrites (not appends) the X-Forwarded-For header to prevent spoofing

   * 4. Configure server.tomcat.remoteip.trusted-proxies or equivalent for your container

   *

   * Without this configuration, request.getRemoteAddr() returns the proxy IP, not the client IP.

   * Do NOT read X-Forwarded-For directly—it is trivially spoofable without trusted proxy handling.

   */

  @Override

  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,

      FilterChain filterChain) throws ServletException, IOException {

    // Use getRemoteAddr() which returns the correct client IP when ForwardedHeaderFilter

    // is configured, or the direct connection IP otherwise. Never trust X-Forwarded-For

    // headers directly without proper proxy configuration.

    String clientIp = request.getRemoteAddr();

    Bucket bucket = buckets.computeIfAbsent(clientIp,

        k -> Bucket.builder()

            .addLimit(Bandwidth.classic(100, Refill.greedy(100, Duration.ofMinutes(1))))

            .build());

    if (bucket.tryConsume(1)) {

      filterChain.doFilter(request, response);

    } else {

      response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());

    }

  }

}

Background Jobs

Use Spring’s @Scheduled or integrate with queues (e.g., Kafka, SQS, RabbitMQ). Keep handlers idempotent and observable.

Observability

  • Structured logging (JSON) via Logback encoder
  • Metrics: Micrometer + Prometheus/OTel
  • Tracing: Micrometer Tracing with OpenTelemetry or Brave backend

Production Defaults

  • Prefer constructor injection, avoid field injection
  • Enable spring.mvc.problemdetails.enabled=true for RFC 7807 errors (Spring Boot 3+)
  • Configure HikariCP pool sizes for workload, set timeouts
  • Use @Transactional(readOnly = true) for queries
  • Enforce null-safety via @NonNull and Optional where appropriate

Remember: Keep controllers thin, services focused, repositories simple, and errors handled centrally. Optimize for maintainability and testability.

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card