How to Extend Spring AI MCP Server for Authentication and Authorization

This article walks through extending a Spring AI MCP Server to add authentication and authorization, comparing header‑based and parameter‑based schemes, showing the required Maven dependency, source code modifications, custom transport provider, interceptor integration, and testing the secured endpoints.

Ubiquitous Tech
Ubiquitous Tech
Ubiquitous Tech
How to Extend Spring AI MCP Server for Authentication and Authorization

Most developers now build their own MCP Servers with Spring AI, but the default server lacks any permission checks, which raises security concerns when exposing the service to others.

The article proposes two simple authentication approaches: using an API‑Key or Bearer token passed in HTTP request headers, or passing the key as a request parameter. An example configuration for Baidu Maps demonstrates the parameter‑based method:

{
  "mcpServers": {
    "baidu-maps": {
      "url": "https://mcp.map.baidu.com/sse?ak=YOUR_AK"
    }
  }
}

To implement header‑based authentication, the author adds the Alibaba transmittable-thread-local (TTL) library (v2.14.3) to share request data across threads:

<dependency>
  <groupId>com.alibaba</groupId>
  <artifactId>transmittable-thread-local</artifactId>
  <version>2.14.3</version>
</dependency>

A McpAuthRequestContext class is created to store the API‑Key for the current thread.

The original WebMvcSseServerTransportProvider source is copied, renamed to SupportAuthMcpServerTransportProvider, and modified to accept an authentication interceptor via its constructor.

The router functions are defined as:

this.routerFunction = RouterFunctions.route()
    .GET(this.sseEndpoint, this::handleSseConnection)
    .POST(this.messageEndpoint, this::handleMessage)
    .build();

An AuthInterceptor interface is introduced, and its implementation checks whether the supplied key exists and is within its validity period by querying a database or Redis.

The interceptor is injected into the new transport provider, and the provider is registered in McpServerAutoConfiguration so that the MCP Server uses the enhanced transport layer.

During session creation and message handling, the code now invokes the interceptor to reject unauthorized requests.

Testing shows that an incorrect header results in an error response, while a correct Authorization: Bearer xxx header allows the client to access the /messages endpoint successfully.

The article also outlines how to extend the same logic to support parameter‑based authentication by first checking the header and then falling back to request parameters, allowing both methods in a single server.

Finally, the author lists further improvement ideas such as standard header parsing, applying design patterns (singleton, strategy, observer), and differentiating auth handling per MCP request type.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

JavaMCPttlAuthenticationauthorizationHTTP SSEspring-ai
Ubiquitous Tech
Written by

Ubiquitous Tech

A ubiquitous public account for pirate enthusiasts, regularly sharing curated experiences, tech learning, and growth insights. Currently publishing articles on AI RAG customer service, AI MCP technology, and open-source design. Personal free Knowledge Planet: Awakening New World Programmer.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.