Testing Spring Security authorization often means spinning up full contexts or discovering your @PreAuthorize annotations aren't actually doing anything because you forgot @EnableMethodSecurity. This skill gives you the patterns to test role-based access control with @WithMockUser, verify both allow and deny cases, and catch the silent failure modes where security gets bypassed. It covers @PreAuthorize, @Secured, @RolesAllowed, custom permission evaluators, and expression-based rules. The included validation tips are solid, especially the reminder that method security works through proxies and that you need to test the access denied path just as much as the happy path.
npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill unit-test-security-authorization