← Back to Skills Marketplace
wu-uk

senior-java

by wu-uk · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ✓ Security Clean
73
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install fix-druid-loophole-cve-senior-java
Description
World-class Java and Spring Boot development skill for enterprise applications, microservices, and cloud-native systems. Expertise in Spring Framework, Sprin...
README (SKILL.md)

Senior Java

World-class Java and Spring Boot development skill for enterprise applications, microservices, and cloud-native systems. Expertise in Spring Framework, Spring Boot 3.x, Spring Cloud, JPA/Hibernate, and reactive programming with WebFlux.

Overview

This skill provides production-ready Java and Spring Boot development capabilities through six Python automation tools and comprehensive reference documentation. Whether building enterprise monoliths, microservices architectures, or reactive systems, this skill ensures best practices, scalable architecture, and enterprise-grade security.

What This Skill Provides:

  • Spring Boot project scaffolding with layered architecture
  • JPA entity and repository generation with optimized queries
  • RESTful API endpoint scaffolding with proper error handling
  • Spring Security configuration (OAuth2, JWT, RBAC)
  • Dependency analysis and upgrade recommendations
  • JVM performance profiling and optimization guidance

Use this skill when:

  • Starting new Spring Boot projects or microservices
  • Implementing JPA/Hibernate data layers
  • Designing RESTful APIs with Spring MVC or WebFlux
  • Setting up authentication and authorization
  • Optimizing JVM and application performance
  • Reviewing Java code for quality and patterns

Core Value: Save 60%+ time on project scaffolding while ensuring enterprise-grade architecture, security compliance, and performance optimization.

Core Capabilities

  • Spring Boot Scaffolding - Generate production-ready Spring Boot 3.x projects with layered architecture, Docker configuration, and CI/CD pipelines
  • Entity Generation - Create JPA entities with repositories, services, controllers, DTOs, and mappers following DDD patterns
  • API Development - Scaffold RESTful endpoints with validation, error handling, pagination, and OpenAPI documentation
  • Security Implementation - Configure Spring Security with OAuth2, JWT, role-based access control, and security best practices
  • Dependency Management - Analyze dependencies for vulnerabilities, outdated versions, and upgrade paths
  • Performance Optimization - Profile JVM applications, identify bottlenecks, and generate optimization recommendations

Quick Start

Create Spring Boot Project

# Create microservice with PostgreSQL
python scripts/spring_project_scaffolder.py order-service --type microservice --db postgresql

# Create monolith with MySQL and security
python scripts/spring_project_scaffolder.py ecommerce-app --type monolith --db mysql --security oauth2

# Create reactive WebFlux service
python scripts/spring_project_scaffolder.py notification-service --type reactive --db mongodb

Generate JPA Entity

# Generate complete entity stack (entity, repository, service, controller, DTO)
python scripts/entity_generator.py Product --fields "id:Long,name:String,price:BigDecimal,category:String,createdAt:LocalDateTime"

# Generate with relationships
python scripts/entity_generator.py Order --fields "id:Long,customer:Customer,items:List\x3COrderItem>,total:BigDecimal" --relations "customer:ManyToOne,items:OneToMany"

Analyze Dependencies

# Check for vulnerabilities and updates
python scripts/dependency_analyzer.py pom.xml --check-security

# Generate upgrade report
python scripts/dependency_analyzer.py build.gradle --output report.md

Access Documentation

  • Spring Boot patterns: references/spring-boot-best-practices.md
  • Microservices design: references/microservices-patterns.md
  • JPA/Hibernate guide: references/jpa-hibernate-guide.md
  • Security reference: references/spring-security-reference.md
  • Performance tuning: references/java-performance-tuning.md

Key Workflows

1. New Spring Boot Microservice

Time: 30-45 minutes

  1. Scaffold Project - Generate microservice with Spring Boot 3.x, Docker, and CI/CD

    python scripts/spring_project_scaffolder.py inventory-service --type microservice --db postgresql --security jwt

  2. Configure Environment - Set up application.yml with profiles (dev, staging, prod)

    cd inventory-service
# Edit src/main/resources/application.yml
# Configure database, security, and service discovery

  3. Generate Entities - Create domain model with JPA entities

    python scripts/entity_generator.py Inventory --fields "id:Long,productId:Long,quantity:Integer,warehouse:String"
python scripts/entity_generator.py InventoryMovement --fields "id:Long,inventory:Inventory,quantity:Integer,type:MovementType,timestamp:LocalDateTime"

  4. Implement Business Logic - Add service layer logic and validation rules

  5. Add Tests - Generate unit and integration tests

    # Run tests
./mvnw test
./mvnw verify  # Integration tests

  6. Build and Deploy

    ./mvnw clean package -DskipTests
docker build -t inventory-service:latest .

See spring-boot-best-practices.md for complete setup patterns.

2. REST API Development

Time: 20-30 minutes per endpoint group

  1. Design API Contract - Define endpoints following REST conventions

    python scripts/api_endpoint_generator.py products --methods GET,POST,PUT,DELETE --paginated

  2. Implement Validation - Add Jakarta validation annotations and custom validators

  3. Configure Error Handling - Set up global exception handler with problem details (RFC 7807)

  4. Add OpenAPI Documentation - Configure SpringDoc for automatic API docs

  5. Test Endpoints - Generate integration tests with MockMvc or WebTestClient

See spring-boot-best-practices.md for API design patterns.

3. JPA/Hibernate Optimization

Time: 1-2 hours for complex data models

  1. Analyze Current Queries - Profile repository methods for N+1 problems

    python scripts/performance_profiler.py --analyze-queries src/

  2. Optimize Fetch Strategies - Configure lazy/eager loading appropriately

  3. Add Query Hints - Implement entity graphs and query hints for complex queries

  4. Configure Caching - Set up Hibernate second-level cache with Hazelcast or Redis

  5. Implement Pagination - Use Spring Data's Slice or Page for large datasets

See jpa-hibernate-guide.md for optimization patterns.

4. Spring Security Implementation

Time: 1-2 hours

  1. Generate Security Config - Create security configuration for chosen auth method

    python scripts/security_config_generator.py --type jwt --roles ADMIN,USER,MANAGER

  2. Configure OAuth2/JWT - Set up token generation, validation, and refresh

  3. Implement RBAC - Add role-based access control to endpoints

  4. Add Method Security - Configure @PreAuthorize and @PostAuthorize annotations

  5. Test Security - Generate security integration tests

See spring-security-reference.md for security patterns.

Python Tools

spring_project_scaffolder.py

Generate production-ready Spring Boot project structures with complete configuration.

Key Features:

  • Spring Boot 3.x with Java 17/21 support
  • Multiple project types (microservice, monolith, reactive)
  • Database configuration (PostgreSQL, MySQL, MongoDB, H2)
  • Docker and Docker Compose setup
  • GitHub Actions CI/CD pipeline
  • Layered architecture (controller, service, repository)
  • Lombok and MapStruct integration

Common Usage:

# Microservice with PostgreSQL and JWT security
python scripts/spring_project_scaffolder.py user-service --type microservice --db postgresql --security jwt

# Monolith with MySQL and OAuth2
python scripts/spring_project_scaffolder.py ecommerce --type monolith --db mysql --security oauth2

# Reactive service with MongoDB
python scripts/spring_project_scaffolder.py notification-service --type reactive --db mongodb

# Help
python scripts/spring_project_scaffolder.py --help

entity_generator.py

Generate complete JPA entity stacks with repository, service, controller, and DTO.

Key Features:

  • JPA entity with Lombok annotations
  • Spring Data JPA repository with custom queries
  • Service layer with transaction management
  • REST controller with validation
  • DTO and mapper (MapStruct)
  • Relationship support (OneToMany, ManyToOne, ManyToMany)

Common Usage:

# Basic entity
python scripts/entity_generator.py Customer --fields "id:Long,name:String,email:String"

# Entity with relationships
python scripts/entity_generator.py Order --fields "id:Long,customer:Customer,total:BigDecimal" --relations "customer:ManyToOne"

# Entity with audit fields
python scripts/entity_generator.py Product --fields "id:Long,name:String,price:BigDecimal" --auditable

# Help
python scripts/entity_generator.py --help

api_endpoint_generator.py

Scaffold RESTful API endpoints with validation and documentation.

Key Features:

  • CRUD endpoint generation
  • Request/response DTOs
  • Jakarta validation annotations
  • OpenAPI annotations
  • Pagination support
  • Error handling

Common Usage:

# Full CRUD endpoints
python scripts/api_endpoint_generator.py orders --methods GET,POST,PUT,DELETE

# Read-only with pagination
python scripts/api_endpoint_generator.py reports --methods GET --paginated

# Help
python scripts/api_endpoint_generator.py --help

security_config_generator.py

Generate Spring Security configuration for various authentication methods.

Key Features:

  • JWT authentication setup
  • OAuth2 resource server configuration
  • Role-based access control
  • Method security configuration
  • CORS and CSRF configuration
  • Security filter chain

Common Usage:

# JWT security with roles
python scripts/security_config_generator.py --type jwt --roles ADMIN,USER

# OAuth2 resource server
python scripts/security_config_generator.py --type oauth2 --issuer-uri https://auth.example.com

# Help
python scripts/security_config_generator.py --help

dependency_analyzer.py

Analyze Maven/Gradle dependencies for vulnerabilities and updates.

Key Features:

  • Security vulnerability scanning
  • Outdated dependency detection
  • Upgrade path recommendations
  • Dependency tree analysis
  • License compliance checking

Common Usage:

# Analyze Maven project
python scripts/dependency_analyzer.py pom.xml

# Analyze Gradle with security focus
python scripts/dependency_analyzer.py build.gradle --check-security

# Generate markdown report
python scripts/dependency_analyzer.py pom.xml --output report.md

# Help
python scripts/dependency_analyzer.py --help

performance_profiler.py

Profile JVM applications and generate optimization recommendations.

Key Features:

  • Query analysis for N+1 detection
  • Memory usage patterns
  • GC behavior analysis
  • Thread pool recommendations
  • Connection pool optimization
  • JVM flag recommendations

Common Usage:

# Analyze source for performance issues
python scripts/performance_profiler.py --analyze-queries src/

# Profile running application
python scripts/performance_profiler.py --profile http://localhost:8080/actuator

# Generate optimization report
python scripts/performance_profiler.py src/ --output performance-report.md

# Help
python scripts/performance_profiler.py --help

Reference Documentation

When to Use Each Reference

spring-boot-best-practices.md - Spring Boot Patterns

  • Project structure and layered architecture
  • Configuration management with profiles
  • API design and error handling
  • Testing strategies (unit, integration, contract)
  • Production readiness (actuator, monitoring)

microservices-patterns.md - Microservices Architecture

  • Service decomposition strategies
  • Spring Cloud components (Config, Gateway, Discovery)
  • Inter-service communication (REST, gRPC, messaging)
  • Distributed tracing and observability
  • Circuit breaker and resilience patterns

jpa-hibernate-guide.md - Data Layer

  • Entity design and mapping strategies
  • Repository patterns and custom queries
  • Fetch optimization and N+1 prevention
  • Caching strategies (first-level, second-level)
  • Transaction management

spring-security-reference.md - Security

  • Authentication methods (JWT, OAuth2, SAML)
  • Authorization patterns (RBAC, ABAC)
  • Security filter chain configuration
  • Method security annotations
  • Security testing

java-performance-tuning.md - Performance

  • JVM tuning and GC optimization
  • Connection pool configuration
  • Caching strategies
  • Async processing and virtual threads
  • Profiling and monitoring tools

Best Practices

Quality Standards

  • Code Coverage: Target 80%+ for business logic, 60%+ overall
  • API Documentation: 100% endpoint coverage with OpenAPI
  • Security Scanning: Zero critical/high vulnerabilities
  • Performance: P99 latency \x3C 200ms for CRUD operations

Common Pitfalls to Avoid

  • N+1 Queries - Always use entity graphs or fetch joins for relationships
  • Missing Transactions - Ensure @Transactional on service methods modifying data
  • Blocking in WebFlux - Never use blocking calls in reactive pipelines
  • Hardcoded Configuration - Use externalized configuration with profiles
  • Missing Validation - Always validate input at controller layer
  • Open Sessions in View - Disable OSIV anti-pattern in production

See spring-boot-best-practices.md for detailed guidelines.

Performance Metrics

Development Efficiency:

  • Project scaffolding time (target: \x3C 30 minutes)
  • Entity stack generation (target: \x3C 5 minutes per entity)
  • Security setup time (target: \x3C 1 hour)

Code Quality:

  • Test coverage (target: 80%+)
  • Static analysis issues (target: 0 critical/high)
  • Documentation coverage (target: 100% public APIs)

Runtime Performance:

  • P99 latency (target: \x3C 200ms)
  • Throughput (target: > 1000 RPS per instance)
  • Memory efficiency (target: \x3C 512MB heap for typical service)

Integration

This skill works best with:

  • senior-backend - For general API patterns and database design
  • senior-architect - For system design and microservices architecture decisions
  • senior-devops - For CI/CD pipeline and Kubernetes deployment
  • senior-security - For security audits and penetration testing

See spring-boot-best-practices.md for CI/CD and automation integration examples.

Composability & Integration

Skill Composition Patterns

This skill receives input from:

  • senior-architect - Architecture decisions inform project scaffolding choices
  • business-analyst-toolkit - Requirements define entity models and API contracts
  • product-manager-toolkit - User stories guide feature implementation

This skill provides output to:

  • senior-devops - Generated projects include Dockerfile and CI/CD configuration
  • senior-qa - Generated code includes test scaffolding for QA automation
  • technical-writer - OpenAPI specs feed API documentation generation

Recommended Skill Combinations

Workflow Pattern 1: Microservices Development

senior-architect → senior-java → senior-devops

Use this pattern for designing and deploying microservices with proper architecture review.

Workflow Pattern 2: Full-Stack Feature

senior-java → senior-frontend → senior-qa

Use this pattern for end-to-end feature implementation with backend API, frontend UI, and testing.

Benefits

Time Savings:

  • 60% faster project scaffolding vs. manual setup
  • 50% reduction in boilerplate code through generation
  • 40% faster security implementation with templates

Quality Improvements:

  • Consistent architecture across projects
  • Built-in security best practices
  • Comprehensive test coverage templates

Business Impact:

  • Faster time-to-market for new services
  • Reduced technical debt through standardization
  • Lower maintenance costs through consistency

Next Steps

Getting Started:

  1. Run python scripts/spring_project_scaffolder.py my-service --type microservice --db postgresql to create your first project
  2. Review generated structure and customize configuration
  3. Generate entities with python scripts/entity_generator.py

Advanced Usage:

  • Configure Spring Cloud for service discovery
  • Implement reactive patterns with WebFlux
  • Set up distributed tracing with Micrometer

Additional Resources

Documentation: Full skill guide and workflows available in this file

Support: For issues or questions, refer to domain guide at ../CLAUDE.md

Version: 1.0.0 | Last Updated: 2025-12-16 | Status: Production Ready

Usage Guidance
This package appears coherent for its stated purpose: scaffolding and Java/Spring guidance implemented as Python automation scripts plus docs. Before you run anything: (1) inspect the full contents of the six Python scripts for network calls, subprocess.exec/OS commands, or any reads of sensitive paths; (2) run the scripts in an isolated environment (ephemeral VM, container) first; (3) do not supply production secrets (DB credentials, JWT secrets, cloud keys) to the tool — generate projects with placeholder values and inject real secrets via your normal secret manager; (4) if a script reaches out to external URLs or runs commands that modify system files, require justification or refuse to run until reviewed. Because some files were truncated in the available package preview, I have medium confidence — a full code review of the scripts would raise confidence to high.
Capability Analysis
Type: OpenClaw Skill Name: fix-druid-loophole-cve-senior-java Version: 0.1.0 The skill bundle is a comprehensive set of Java and Spring Boot development tools, including project scaffolding, entity generation, and dependency analysis. The Python scripts (e.g., spring_project_scaffolder.py, entity_generator.py) use only the standard library to generate boilerplate code and perform static analysis on local files, with no evidence of network exfiltration, shell execution, or malicious intent. While the metadata slug 'fix-druid-loophole-cve-senior-java' is inconsistent with the general-purpose content, the code and instructions are well-aligned with the stated purpose of assisting in enterprise Java development.
Capability Tags
cryptocan-make-purchases
Capability Assessment
Purpose & Capability
Name/description (senior-java: Spring Boot scaffolding, entities, security, profiling) matches the shipped assets: six Python automation scripts plus comprehensive reference docs. There are no unrelated required env vars or binaries declared.
Instruction Scope
SKILL.md instructs running the included Python scripts to scaffold projects, generate entities, analyze dependencies and profile performance — these actions are within the stated purpose. However, those scripts (which perform file I/O, project creation, and possibly network calls for dependency lookups) will run on the host; the review did not include the full contents of some script files in the package, so their exact runtime behavior (e.g., network endpoints contacted, files read outside the workspace) could not be fully verified.
Install Mechanism
No install spec and no external downloads are declared. The skill is instruction-only (scripts live inside the package) so nothing will be fetched or installed automatically by the skill manager; risk from the install mechanism is low.
Credentials
The skill declares no required environment variables, credentials, or config paths. Example project templates reference common runtime secrets (DATABASE_URL, JWT_SECRET) but those are for generated projects and are not required at install time — this is proportionate.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It is user-invocable and may be invoked autonomously (platform default), which is expected for a tooling skill; nothing indicates it modifies other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install fix-druid-loophole-cve-senior-java
  3. After installation, invoke the skill by name or use /fix-druid-loophole-cve-senior-java
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Bulk publish from all-task-skills-dedup
Metadata
Slug fix-druid-loophole-cve-senior-java
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is senior-java?

World-class Java and Spring Boot development skill for enterprise applications, microservices, and cloud-native systems. Expertise in Spring Framework, Sprin... It is an AI Agent Skill for Claude Code / OpenClaw, with 73 downloads so far.

How do I install senior-java?

Run "/install fix-druid-loophole-cve-senior-java" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is senior-java free?

Yes, senior-java is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does senior-java support?

senior-java is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created senior-java?

It is built and maintained by wu-uk (@wu-uk); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments