@RolesAllowed and list/toolscall #533

@sebastienblanc


Hi,

Not sure if it's a bug or a feature request: I'm securing my MCP server with quarkus-oidc. On top of the @Authenticated on the class level, I have roles defined for my tools:

    @RolesAllowed("platform-team")
    @Tool(name = "add-new-db-region", description = "Add a new database region")
    public String addNewDBRegion(String region) {
        Log.info("Adding new DB region: " + region);
        return "New DB region added: " + region;
    }

    @RolesAllowed("feature-team")
    @Tool(name = "request-new-db-region", description = "Request a new database region")
    public String requestNewDBRegion(String region) {
        Log.info("Request a new DB region: " + region);
        return "DB region requested: " + region;
    }

Calling the tool when the token does not have the role works as expected, but the MCP client still receives this tool at the beginning when doing the list/tools. Shouldn't the tools be filtered out based on the @RolesAllowed, or is this a feature request?
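
The behaviour asked about above, where the tool listing is filtered with the same role predicate that guards the call, shown as an added example that is not code from this issue or from the project. The two annotations are local stand-ins so the file compiles without Quarkus, `permitted` and `visibleTools` are hypothetical names, and the role sets are constructed in place of roles read from an OIDC token.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ToolListFilterDemo {
    // Local stand-ins for jakarta.annotation.security.RolesAllowed and the MCP
    // @Tool annotation (assumption: declared here only to keep this self-contained).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RolesAllowed { String[] value(); }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Tool { String name(); String description(); }

    static class DbTools {
        @RolesAllowed("platform-team")
        @Tool(name = "add-new-db-region", description = "Add a new database region")
        public String addNewDBRegion(String region) { return "New DB region added: " + region; }

        @RolesAllowed("feature-team")
        @Tool(name = "request-new-db-region", description = "Request a new database region")
        public String requestNewDBRegion(String region) { return "DB region requested: " + region; }
    }

    // One predicate shared by listing and invocation, so the two cannot disagree.
    static boolean permitted(Method m, Set<String> callerRoles) {
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null) return true; // no role constraint on this tool
        return Arrays.stream(ra.value()).anyMatch(callerRoles::contains);
    }

    // Hypothetical list handler: returns only the tool names the caller may invoke.
    static List<String> visibleTools(Class<?> holder, Set<String> callerRoles) {
        List<String> names = new ArrayList<>();
        for (Method m : holder.getDeclaredMethods()) {
            Tool t = m.getAnnotation(Tool.class);
            if (t != null && permitted(m, callerRoles)) names.add(t.name());
        }
        Collections.sort(names); // getDeclaredMethods() order is unspecified
        return names;
    }

    public static void main(String[] args) {
        // Constructed role sets standing in for the roles carried by a token.
        System.out.println(visibleTools(DbTools.class, Set.of("feature-team")));
        System.out.println(visibleTools(DbTools.class, Set.of("platform-team", "feature-team")));
        System.out.println(visibleTools(DbTools.class, Set.of()));
    }
}
```

The call-time check stays in place regardless: filtering the listing only controls what a client can discover, not what it can invoke.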


Labels: enhancement (New feature or request)
