Skip to content

SKILL.md

Latest commit

 

History

History
164 lines (90 loc) · 2.83 KB

SKILL.md

File metadata and controls

164 lines (90 loc) · 2.83 KB
name cwe-287-improper-authentication
description Use this skill when you need to remediate CWE-287 (Improper Authentication) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing improper authentication issues.
version 1.0.0
license MIT
tags
security
java
cwe-287
remediation
sast

CWE-287 Improper Authentication

Description

Improper Authentication

Reference: https://cwe.mitre.org/data/definitions/287.html

OWASP Category: A07:2021 – Identification and Authentication Failures

Vulnerable Pattern

❌ Example 1: Vulnerable Pattern

// VULNERABLE: No authentication check
@GetMapping("/admin/users")
public List<User> getUsers() {
    return userRepository.findAll();
}

Why it's vulnerable: This pattern is vulnerable to Improper Authentication

Deterministic Fix

✅ Secure Implementation: Secure Implementation

// SECURE: Require authentication
@GetMapping("/admin/users")
@PreAuthorize("hasRole('ADMIN')")
public List<User> getUsers(Authentication auth) {
    if (auth == null || !auth.isAuthenticated()) {
        throw new AccessDeniedException("Not authenticated");
    }
    return userRepository.findAll();
}

Why it's secure: Implements proper protection against Improper Authentication

Detection Pattern

Look for these patterns in your codebase:

# Find controllers without security annotations
grep -rn "@GetMapping\\|@PostMapping" --include="*.java" -A5 | grep -v "@PreAuthorize\\|@Secured"

Remediation Steps

  1. Add authentication checks to all protected endpoints

  2. Use Spring Security @PreAuthorize or @Secured annotations

  3. Verify authentication status before processing requests

Key Imports

import org.springframework.security.access.prepost.PreAuthorize;

import org.springframework.security.core.Authentication;

Verification

After remediation:

  • Run SAST scanner to confirm vulnerability is resolved

  • Review all instances of the vulnerable pattern

  • Add unit tests that verify the secure implementation

  • Check for similar patterns in related code

Trigger Examples

Fix CWE-287 vulnerability
Resolve Improper Authentication issue
Secure this Java code against improper authentication
SAST reports CWE-287

Common Vulnerable Locations

Layer Files Patterns

| Controller | *Controller.java | User input handling |

| Service | *Service.java | Business logic |

| Repository | *Repository.java | Data access |

References

Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07