Package org.springaicommunity.mcp.security.server.config

Class McpApiKeyConfigurer

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<McpApiKeyConfigurer,org.springframework.security.config.annotation.web.builders.HttpSecurity>
org.springaicommunity.mcp.security.server.config.McpApiKeyConfigurer
All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
public class McpApiKeyConfigurer extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<McpApiKeyConfigurer,org.springframework.security.config.annotation.web.builders.HttpSecurity>
Author:
Daniel Garnier-Moiroux

  • Constructor Summary

    Constructors
    Constructor
    Description
    McpApiKeyConfigurer()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    McpApiKeyConfigurer
    apiKeyRepository(ApiKeyEntityRepository<?> apiKeyEntityRepository)
    REQUIRED: The repository for storing API keys.
    McpApiKeyConfigurer
    authenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
    Method for extracting an API key from an HTTP request.
    void
    configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
     
    McpApiKeyConfigurer
    headerName(String headerName)
    The name of the header from which to extract the API key.
    void
    init(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
     
    static McpApiKeyConfigurer
    mcpServerApiKey()
     

    Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

    disable, getRequestMatcherBuilder, getSecurityContextHolderStrategy, withObjectPostProcessor

    Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

    addObjectPostProcessor, getBuilder, postProcess, setBuilder

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • McpApiKeyConfigurer

      public McpApiKeyConfigurer()

  • Method Details

    • init

      public void init(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
      Specified by:
      init in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
      Overrides:
      init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>

    • configure

      public void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
      Specified by:
      configure in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>
      Overrides:
      configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,org.springframework.security.config.annotation.web.builders.HttpSecurity>

    • apiKeyRepository

      public McpApiKeyConfigurer apiKeyRepository(ApiKeyEntityRepository<?> apiKeyEntityRepository)
      REQUIRED: The repository for storing API keys.

    • headerName

      public McpApiKeyConfigurer headerName(String headerName)
      The name of the header from which to extract the API key. Defaults to ApiKeyAuthenticationFilter.DEFAULT_API_KEY_HEADER.

      If authenticationConverter(AuthenticationConverter) is set, then this is ignored.

    • authenticationConverter

      public McpApiKeyConfigurer authenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
      Method for extracting an API key from an HTTP request.

      For example: 

        request -> {
      var headerValue = request.getHeader("Authorization");
      if (!StringUtils.hasText(headerValue)
      || !headerValue.contains("Bearer ")) {
          return null;
      }
      var tokenValue = headerValue.replace("Bearer ", "");
      var apiKey = ApiKeyImpl.from(tokenValue);
      return ApiKeyAuthenticationToken.unauthenticated(apiKey);
  };

      Overrides the value from headerName(String).

    • mcpServerApiKey

      public static McpApiKeyConfigurer mcpServerApiKey()