How Spring Boot and MCP Enable Java to Lead the AI Agent Ecosystem
This article explains the Model Context Protocol (MCP), compares it with traditional function calling, and walks through building a Spring Boot MCP server that lets Claude Desktop automatically invoke Java tools, covering architecture, code examples, security extensions, and future enterprise AI integrations.
MCP Overview
Model Context Protocol (MCP) is a standard protocol that enables AI agents to communicate with external systems, effectively acting as a "USB interface" for AI‑native tool calling.
Why MCP emerged
Traditional function calling suffers from several problems:
Inconsistent model protocols across vendors.
Different tool description formats.
Missing context standards.
Poor extensibility for agents.
Complex manual tool management.
No standardized resource handling.
What MCP standardizes
Tool invocation.
Prompt format.
Resource representation.
Context representation.
Agent extension mechanisms.
Architecture and call flow
Claude Desktop
│
│ MCP
▼
Spring Boot MCP Server
│
┌──────┼──────────┐
▼ ▼ ▼
MySQL Redis HTTP APIThe end‑to‑end interaction proceeds as follows:
User asks Claude a question, e.g., "Query user ID 1".
Claude discovers that the MCP server exposes a tool named queryUser.
Claude automatically calls the tool with the supplied parameters.
The Spring Boot service executes the business logic and returns a User object.
Claude formats the result into natural language for the user.
Building a Spring Boot MCP Server
Project structure
spring-ai-mcp-demo
├── controller
├── tool
├── service
├── config
└── resourcesCore dependencies (pom.xml)
<dependencies>
<!-- Spring Boot -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Spring AI MCP starter -->
<dependency>
<groupId>org.springframework.ai</groupId>
<artifactId>spring-ai-starter-mcp-server-webmvc</artifactId>
</dependency>
<!-- Lombok (optional) -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
</dependencies>The starter spring-ai-starter-mcp-server-webmvc automatically exposes the MCP server, registers tools, manages the protocol, and connects to AI clients.
Application configuration (application.yml)
server:
port: 8080
spring:
ai:
mcp:
server:
enabled: true
name: spring-ai-mcp-server
version: 1.0.0After starting the application, it becomes an MCP server ready to receive tool calls.
Entity definition
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
private Long id;
private String name;
private Integer age;
}Tool implementation
@Service
public class UserToolService {
@Tool(description = "Query user information by ID")
public User queryUser(Long id) {
System.out.println("AI is calling queryUser");
return new User(id, "张三", 18);
}
}The tool is defined as a regular Spring bean, allowing Java enterprise systems to integrate AI with minimal effort.
Running the server
Execute the SpringAiMcpApplication class. The running Spring Boot application now serves as an MCP server.
Connecting Claude Desktop
Claude Desktop supports MCP on macOS and Windows. Configure the client with a JSON file that points to the MCP server:
{
"mcpServers": {
"spring-ai-server": {
"command": "java",
"args": ["-jar", "/Users/demo/spring-ai-mcp.jar"]
}
}
}After restarting Claude, it discovers the queryUser tool and can invoke it automatically.
Enterprise‑level MCP extensions
Tool permission control
@PreAuthorize("hasRole('ADMIN')")
@Tool(description = "Delete user")
public String deleteUser(Long id) {
return "success";
}This ensures that AI‑driven tool calls respect the existing security roles.
Tool auditing
@Slf4j
@Component
public class ToolAuditInterceptor {
public void audit(String toolName) {
log.info("AI called Tool: {}", toolName);
}
}Auditing records which tools the AI invoked.
Rate limiting
Prevent runaway AI calls by applying libraries such as Bucket4j or a Redis‑based rate limiter.
Multi‑tenant isolation
Scope tool access by a tenant identifier (e.g., tenantId) so that each tenant can only invoke its own tools.
Prompt‑injection defense
Mitigate prompt injection attacks by enforcing a tool whitelist, validating parameters, and performing security audits.
MCP vs. traditional Function Calling
Standardization : weak in function calling, strong in MCP.
Context handling : weak vs. strong.
Tool management : manual registration vs. automatic discovery.
Resource support : none vs. available.
Agent support : limited vs. very strong.
Extensibility : average vs. high.
Implications for Java
Enterprise requirements such as permission systems, micro‑services, data governance, workflow orchestration, middleware, and security align with MCP's capabilities. Consequently, Java is well‑positioned to serve as the core language for AI‑native enterprise infrastructure.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
LuTiao Programming
LuTiao Programming is a friendly community offering free programming lessons. We inspire learners to explore new ideas and technologies and quickly acquire job-ready skills.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
