How to Extend Spring AI MCP Server for Authentication and Authorization
This article walks through extending a Spring AI MCP Server to add authentication and authorization, comparing header‑based and parameter‑based schemes, showing the required Maven dependency, source code modifications, custom transport provider, interceptor integration, and testing the secured endpoints.
Most developers now build their own MCP Servers with Spring AI, but the default server lacks any permission checks, which raises security concerns when exposing the service to others.
The article proposes two simple authentication approaches: using an API‑Key or Bearer token passed in HTTP request headers, or passing the key as a request parameter. An example configuration for Baidu Maps demonstrates the parameter‑based method:
{
"mcpServers": {
"baidu-maps": {
"url": "https://mcp.map.baidu.com/sse?ak=YOUR_AK"
}
}
}To implement header‑based authentication, the author adds the Alibaba transmittable-thread-local (TTL) library (v2.14.3) to share request data across threads:
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>transmittable-thread-local</artifactId>
<version>2.14.3</version>
</dependency>A McpAuthRequestContext class is created to store the API‑Key for the current thread.
The original WebMvcSseServerTransportProvider source is copied, renamed to SupportAuthMcpServerTransportProvider, and modified to accept an authentication interceptor via its constructor.
The router functions are defined as:
this.routerFunction = RouterFunctions.route()
.GET(this.sseEndpoint, this::handleSseConnection)
.POST(this.messageEndpoint, this::handleMessage)
.build();An AuthInterceptor interface is introduced, and its implementation checks whether the supplied key exists and is within its validity period by querying a database or Redis.
The interceptor is injected into the new transport provider, and the provider is registered in McpServerAutoConfiguration so that the MCP Server uses the enhanced transport layer.
During session creation and message handling, the code now invokes the interceptor to reject unauthorized requests.
Testing shows that an incorrect header results in an error response, while a correct Authorization: Bearer xxx header allows the client to access the /messages endpoint successfully.
The article also outlines how to extend the same logic to support parameter‑based authentication by first checking the header and then falling back to request parameters, allowing both methods in a single server.
Finally, the author lists further improvement ideas such as standard header parsing, applying design patterns (singleton, strategy, observer), and differentiating auth handling per MCP request type.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Ubiquitous Tech
A ubiquitous public account for pirate enthusiasts, regularly sharing curated experiences, tech learning, and growth insights. Currently publishing articles on AI RAG customer service, AI MCP technology, and open-source design. Personal free Knowledge Planet: Awakening New World Programmer.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
