Implement MCP proxy with zero trust security integration

Co-authored-by: phrocker <[email protected]>

Author: Copilot

llm-proxy/src/main/java/io/sentrius/sso/controllers/api/mcp/MCPProxyController.java

@@ -0,0 +1,183 @@
+package io.sentrius.sso.controllers.api.mcp;
+
+import io.sentrius.sso.core.controllers.BaseController;
+import io.sentrius.sso.core.annotations.LimitAccess;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
+import io.sentrius.sso.core.services.UserService;
+import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.services.ErrorOutputService;
+import io.sentrius.sso.core.services.security.KeycloakService;
+import io.sentrius.sso.mcp.model.MCPRequest;
+import io.sentrius.sso.mcp.model.MCPResponse;
+import io.sentrius.sso.mcp.model.MCPError;
+import io.sentrius.sso.mcp.service.MCPProxyService;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.util.Map;
+
+/**
+ * MCP (Model Context Protocol) Proxy Controller with Zero Trust Security
+ * 
+ * Provides secure MCP endpoints with the same security controls as other Sentrius services:
+ * - JWT authentication via Keycloak
+ * - Zero Trust Access Token (ZTAT) validation
+ * - Access control via @LimitAccess annotations
+ * - Provenance tracking for audit trails
+ */
+@RestController
+@RequestMapping("/api/v1/mcp")
+@Slf4j
+public class MCPProxyController extends BaseController {
+
+    private final KeycloakService keycloakService;
+    private final MCPProxyService mcpProxyService;
+    private final ObjectMapper objectMapper;
+
+    public MCPProxyController(
+        UserService userService, 
+        SystemOptions systemOptions,
+        ErrorOutputService errorOutputService,
+        KeycloakService keycloakService,
+        MCPProxyService mcpProxyService,
+        ObjectMapper objectMapper
+    ) {
+        super(userService, systemOptions, errorOutputService);
+        this.keycloakService = keycloakService;
+        this.mcpProxyService = mcpProxyService;
+        this.objectMapper = objectMapper;
+    }
+
+    /**
+     * Handle MCP requests via HTTP POST
+     */
+    @PostMapping("/")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_LOG_IN})
+    public ResponseEntity<?> handleMCPRequest(
+            @RequestHeader("Authorization") String token,
+            @RequestHeader("communication_id") String communicationId,
+            HttpServletRequest request, 
+            HttpServletResponse response,
+            @RequestBody String rawBody) {
+        
+        log.info("Received MCP request with communication_id: {}", communicationId);
+        
+        String compactJwt = extractJwtToken(token);
+        
+        // Validate JWT token
+        if (!keycloakService.validateJwt(compactJwt)) {
+            log.warn("Invalid Keycloak token for MCP request");
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(createErrorResponse(null, MCPError.unauthorized("Invalid Keycloak token")));
+        }
+
+        // Get operating user
+        var operatingUser = getOperatingUser(request, response);
+        if (operatingUser == null) {
+            log.warn("No operating user found for MCP request");
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(createErrorResponse(null, MCPError.unauthorized("No operating user found")));
+        }
+
+        try {
+            // Parse MCP request
+            MCPRequest mcpRequest = objectMapper.readValue(rawBody, MCPRequest.class);
+            
+            // Validate MCP request structure
+            if (mcpRequest.getMethod() == null || mcpRequest.getId() == null) {
+                return ResponseEntity.badRequest()
+                    .body(createErrorResponse(mcpRequest.getId(), MCPError.invalidRequest("Missing required fields")));
+            }
+            
+            // Process the request through the service layer
+            MCPResponse mcpResponse = mcpProxyService.processRequest(
+                mcpRequest, compactJwt, communicationId, operatingUser.getUsername()
+            );
+            
+            return ResponseEntity.ok(mcpResponse);
+            
+        } catch (JsonProcessingException e) {
+            log.error("Failed to parse MCP request", e);
+            return ResponseEntity.badRequest()
+                .body(createErrorResponse(null, MCPError.parseError("Invalid JSON format")));
+        } catch (Exception e) {
+            log.error("Unexpected error processing MCP request", e);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                .body(createErrorResponse(null, MCPError.internalError("Internal server error")));
+        }
+    }
+
+    /**
+     * Handle MCP capability discovery
+     */
+    @GetMapping("/capabilities")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_LOG_IN})
+    public ResponseEntity<?> getCapabilities(
+            @RequestHeader("Authorization") String token,
+            HttpServletRequest request, 
+            HttpServletResponse response) {
+        
+        String compactJwt = extractJwtToken(token);
+        
+        if (!keycloakService.validateJwt(compactJwt)) {
+            log.warn("Invalid Keycloak token for MCP capabilities request");
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(MCPError.unauthorized("Invalid Keycloak token"));
+        }
+
+        var operatingUser = getOperatingUser(request, response);
+        if (operatingUser == null) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(MCPError.unauthorized("No operating user found"));
+        }
+
+        try {
+            // Create an initialize request to get capabilities
+            MCPRequest initRequest = MCPRequest.create("capabilities", "initialize", null);
+            MCPResponse mcpResponse = mcpProxyService.processRequest(
+                initRequest, compactJwt, "capabilities", operatingUser.getUsername()
+            );
+            
+            return ResponseEntity.ok(mcpResponse.getResult());
+            
+        } catch (Exception e) {
+            log.error("Error getting MCP capabilities", e);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                .body(MCPError.internalError("Failed to get capabilities"));
+        }
+    }
+
+    /**
+     * Health check endpoint for MCP proxy
+     */
+    @GetMapping("/health")
+    public ResponseEntity<?> health() {
+        return ResponseEntity.ok(Map.of(
+            "status", "healthy",
+            "service", "mcp-proxy",
+            "timestamp", java.time.Instant.now().toString()
+        ));
+    }
+
+    /**
+     * Extract JWT token from Authorization header
+     */
+    private String extractJwtToken(String authHeader) {
+        return authHeader != null && authHeader.startsWith("Bearer ") ? 
+            authHeader.substring(7) : authHeader;
+    }
+
+    /**
+     * Create error response in MCP format
+     */
+    private MCPResponse createErrorResponse(String id, MCPError error) {
+        return MCPResponse.error(id, error);
+    }
+}

llm-proxy/src/main/java/io/sentrius/sso/mcp/config/MCPProxyConfig.java

@@ -0,0 +1,23 @@
+package io.sentrius.sso.mcp.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+ * Configuration for MCP proxy services
+ */
+@Configuration
+public class MCPProxyConfig {
+
+    @Bean
+    public RestTemplate mcpRestTemplate() {
+        return new RestTemplate();
+    }
+
+    @Bean
+    public ObjectMapper mcpObjectMapper() {
+        return new ObjectMapper();
+    }
+}

llm-proxy/src/main/java/io/sentrius/sso/mcp/config/MCPWebSocketConfig.java

@@ -0,0 +1,106 @@
+package io.sentrius.sso.mcp.config;
+
+import io.sentrius.sso.mcp.websocket.MCPWebSocketHandler;
+import io.sentrius.sso.core.services.security.KeycloakService;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.socket.config.annotation.EnableWebSocket;
+import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
+import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
+import org.springframework.web.socket.server.HandshakeInterceptor;
+import org.springframework.http.server.ServerHttpRequest;
+import org.springframework.http.server.ServerHttpResponse;
+import org.springframework.web.socket.WebSocketHandler;
+
+import java.util.Map;
+
+/**
+ * WebSocket configuration for MCP (Model Context Protocol) endpoints
+ */
+@Configuration
+@EnableWebSocket
+@RequiredArgsConstructor
+public class MCPWebSocketConfig implements WebSocketConfigurer {
+
+    private final MCPWebSocketHandler mcpWebSocketHandler;
+    private final KeycloakService keycloakService;
+
+    @Override
+    public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
+        registry.addHandler(mcpWebSocketHandler, "/api/v1/mcp/ws")
+                .addInterceptors(new MCPHandshakeInterceptor())
+                .setAllowedOrigins("*"); // Configure as needed for security
+    }
+
+    /**
+     * Handshake interceptor to validate authentication before WebSocket connection
+     */
+    private class MCPHandshakeInterceptor implements HandshakeInterceptor {
+
+        @Override
+        public boolean beforeHandshake(
+                ServerHttpRequest request, 
+                ServerHttpResponse response,
+                WebSocketHandler wsHandler, 
+                Map<String, Object> attributes) throws Exception {
+            
+            // Extract authentication parameters from query params or headers
+            String token = extractToken(request);
+            String communicationId = extractParameter(request, "communication_id");
+            String userId = extractParameter(request, "user_id");
+            
+            if (token == null || communicationId == null || userId == null) {
+                return false; // Reject connection
+            }
+            
+            // Validate JWT token
+            String jwt = token.startsWith("Bearer ") ? token.substring(7) : token;
+            if (!keycloakService.validateJwt(jwt)) {
+                return false; // Invalid token
+            }
+            
+            // Store validated parameters in session attributes
+            attributes.put("token", token);
+            attributes.put("communication_id", communicationId);
+            attributes.put("user_id", userId);
+            
+            return true; // Allow connection
+        }
+
+        @Override
+        public void afterHandshake(
+                ServerHttpRequest request, 
+                ServerHttpResponse response,
+                WebSocketHandler wsHandler, 
+                Exception exception) {
+            // No additional processing needed
+        }
+
+        private String extractToken(ServerHttpRequest request) {
+            // Try Authorization header first
+            String authHeader = request.getHeaders().getFirst("Authorization");
+            if (authHeader != null) {
+                return authHeader;
+            }
+            
+            // Fall back to query parameter
+            return extractParameter(request, "token");
+        }
+
+        private String extractParameter(ServerHttpRequest request, String paramName) {
+            String query = request.getURI().getQuery();
+            if (query == null) {
+                return null;
+            }
+            
+            for (String param : query.split("&")) {
+                String[] parts = param.split("=", 2);
+                if (parts.length == 2 && paramName.equals(parts[0])) {
+                    return parts[1];
+                }
+            }
+            return null;
+        }
+    }
+}

llm-proxy/src/main/java/io/sentrius/sso/mcp/model/MCPError.java

@@ -0,0 +1,61 @@
+package io.sentrius.sso.mcp.model;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.AllArgsConstructor;
+
+/**
+ * Represents an MCP error
+ */
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class MCPError {
+    
+    @JsonProperty("code")
+    private int code;
+    
+    @JsonProperty("message")
+    private String message;
+    
+    @JsonProperty("data")
+    private Object data;
+    
+    // Standard MCP error codes
+    public static final int PARSE_ERROR = -32700;
+    public static final int INVALID_REQUEST = -32600;
+    public static final int METHOD_NOT_FOUND = -32601;
+    public static final int INVALID_PARAMS = -32602;
+    public static final int INTERNAL_ERROR = -32603;
+    public static final int UNAUTHORIZED = -32001;
+    public static final int FORBIDDEN = -32002;
+    
+    public static MCPError parseError(String message) {
+        return new MCPError(PARSE_ERROR, message, null);
+    }
+    
+    public static MCPError invalidRequest(String message) {
+        return new MCPError(INVALID_REQUEST, message, null);
+    }
+    
+    public static MCPError methodNotFound(String method) {
+        return new MCPError(METHOD_NOT_FOUND, "Method not found: " + method, null);
+    }
+    
+    public static MCPError invalidParams(String message) {
+        return new MCPError(INVALID_PARAMS, message, null);
+    }
+    
+    public static MCPError internalError(String message) {
+        return new MCPError(INTERNAL_ERROR, message, null);
+    }
+    
+    public static MCPError unauthorized(String message) {
+        return new MCPError(UNAUTHORIZED, message != null ? message : "Unauthorized", null);
+    }
+    
+    public static MCPError forbidden(String message) {
+        return new MCPError(FORBIDDEN, message != null ? message : "Forbidden", null);
+    }
+}