spring-ai 学习系列(7)-MCP 安全认证
继续先前的MCP学习,实际企业级应用中,很多信息都是涉及商业敏感数据,需要考虑安全认证,不可能让MCP Server在网上裸奔。spring web开发中,提供了拦截器功能,最简单的思路,在Client连接到Server的sse时,拦截请求,检测http header头中,是否有必要的token信息(包括验证token是否合法)这次,我们使用spring web mvc来创建mcp server.
一、调整pom.xml
1 <dependencyManagement>
2 <dependencies>
3 <dependency>
4 <groupId>org.springframework.ai</groupId>
5 spring-ai-bom</artifactId>
6
7 <version>1.1.0-SNAPSHOT</version>
8 <type>pom</type>
9 <scope>import</scope>
10 </dependency>
11 </dependencies>
12 </dependencyManagement>
13
14 <dependencies>
15 <dependency>
16 <groupId>org.springframework.ai</groupId>
17 spring-ai-starter-mcp-server-webmvc</artifactId>
18 </dependency>
19 </dependencies>
20
21 <build>
22 <plugins>
23 <plugin>
24 <groupId>org.springframework.boot</groupId>
25 spring-boot-maven-plugin</artifactId>
26 </plugin>
27 </plugins>
28 </build>
29
30 <repositories>
31 <repository>
32 <id>spring-milestones</id>
33 <name>Spring Milestones</name>
34 <url>https://repo.spring.io/milestone</url>
35 <snapshots>
36 <enabled>false</enabled>
37 </snapshots>
38 </repository>
39 <repository>
40 <id>spring-snapshots</id>
41 <name>Spring Snapshots</name>
42 <url>https://repo.spring.io/snapshot</url>
43 <releases>
44 <enabled>false</enabled>
45 </releases>
46 </repository>
47 <repository>
48 <id>central-portal-snapshots</id>
49 <name>Central Portal Snapshots</name>
50 <url>https://central.sonatype.com/repository/maven-snapshots/</url>
51 <releases>
52 <enabled>false</enabled>
53 </releases>
54 <snapshots>
55 <enabled>true</enabled>
56 </snapshots>
57 </repository>
58 </repositories>View Code注:目前只有SNAPSHOT的spring-ai-starter-mcp-server-webmvc能运行正常。
二、添加1个拦截器
@Component
public class Interceptor implements HandlerInterceptor {
@Override
publicboolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String authorization = request.getHeader("Authorization");
if (authorization == null || !authorization.startsWith("Bearer ")) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
//模拟几个账号123456,234567,允许访问,其它拒绝
String token = authorization.substring(7);
if ("123456".equals(token) || "234567".equals(token)) {
return true;
}
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
}三、注册拦截器
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Autowired
private Interceptor interceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(interceptor)
.addPathPatterns("/sse","/mcp/messages");
}
} 启动后,再访问http://localhost:8080/sse,会得到1个401的错误码
在CherryStudio中设置时,必须添加正确的请求头,才能保存成功
有了正确的请求头,就能正常调用MCP Server了
参考:
Transports - Model Context Protocol
spring-ai-examples/model-context-protocol/weather/starter-webmvc-server at main · spring-projects/spring-ai-examples
来源:程序园用户自行投稿发布,如果侵权,请联系站长删除
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!
页:
[1]