
Update User Guide with Mcp Server Security content #1535

Merged
alexheifetz merged 4 commits into main from issue/1025-docs on Mar 24, 2026


@alexheifetz
Contributor

This pull request introduces comprehensive documentation and examples for the new @SecureAgentTool annotation, which adds fine-grained, method-level access control to Embabel agent actions. It explains the motivation for this annotation, how it differs from Spring's @PreAuthorize, and provides guidance on integrating it with existing security layers in an MCP server. The documentation also clarifies how @SecureAgentTool complements guardrails and bean validation, and provides detailed setup instructions for both HTTP-level and method-level security.

Key documentation additions and improvements:

1. Security Annotation Reference and Usage

  • Added a detailed section in page.adoc describing the @SecureAgentTool annotation, including its purpose, how it works, placement (class vs. method level), and supported Spring Security SpEL expressions. Includes Kotlin and Java code examples and setup instructions.

2. Integration with Guardrails and Validation

  • Updated the guardrails documentation to explain how @SecureAgentTool provides access control, complementing guardrails (content safety) and bean validation (data validity). Cross-references the new annotation's documentation.

3. MCP Server Security Integration

  • Added a new "Security" section to the MCP integrations documentation, explaining the two-layer security model: HTTP filter chain (JWT validation) and @SecureAgentTool (method-level authorization). Includes configuration examples for both layers and dependency setup.

These changes ensure users understand how to secure agent actions at both the transport and business logic levels, and how to combine @SecureAgentTool with other safety mechanisms.

Contributor

@jasperblues left a comment

Looks good to me, added one non-blocking comment for consideration.

@alexheifetz merged commit 08447ae into main on Mar 24, 2026
10 checks passed
@alexheifetz deleted the issue/1025-docs branch on March 24, 2026 23:10