mcp-server: polish McpApiKeyConfigurer

Signed-off-by: Daniel Garnier-Moiroux <[email protected]>

Author: Kehrlann

mcp-server-security/src/main/java/org/springaicommunity/mcp/security/server/config/McpApiKeyConfigurer.java

@@ -16,6 +16,7 @@
 
 package org.springaicommunity.mcp.security.server.config;
 
+import org.jspecify.annotations.Nullable;
 import org.springaicommunity.mcp.security.server.apikey.ApiKeyEntityRepository;
 import org.springaicommunity.mcp.security.server.apikey.authentication.ApiKeyAuthenticationProvider;
 import org.springaicommunity.mcp.security.server.apikey.web.ApiKeyAuthenticationConverter;
@@ -34,14 +35,15 @@
  */
 public class McpApiKeyConfigurer extends AbstractHttpConfigurer<McpApiKeyConfigurer, HttpSecurity> {
 
-	private ApiKeyEntityRepository<?> apiKeyEntityRepository;
+	private @Nullable ApiKeyEntityRepository<?> apiKeyEntityRepository;
 
-	private String headerName;
+	private @Nullable String headerName;
 
-	private AuthenticationConverter authenticationConverter;
+	private @Nullable AuthenticationConverter authenticationConverter;
 
 	@Override
 	public void init(HttpSecurity http) throws Exception {
+		Assert.notNull(this.apiKeyEntityRepository, "apiKeyRepository cannot be null");
 		http.authenticationProvider(new ApiKeyAuthenticationProvider<>(this.apiKeyEntityRepository))
 			// TODO: improve matcher to check for API key
 			.csrf(csrf -> csrf.ignoringRequestMatchers("/mcp"));
@@ -54,9 +56,7 @@ public void configure(HttpSecurity http) throws Exception {
 		var authManager = http.getSharedObject(AuthenticationManager.class);
 
 		var authenticationConverter = getAuthenticationConverter();
-		var filter = authenticationConverter != null
-				? new ApiKeyAuthenticationFilter(authManager, authenticationConverter)
-				: new ApiKeyAuthenticationFilter(authManager);
+		var filter = new ApiKeyAuthenticationFilter(authManager, authenticationConverter);
 		http.addFilterBefore(filter, BasicAuthenticationFilter.class);
 	}
 
@@ -67,7 +67,7 @@ private AuthenticationConverter getAuthenticationConverter() {
 		if (StringUtils.hasText(this.headerName)) {
 			return new ApiKeyAuthenticationConverter(this.headerName);
 		}
-		return null;
+		return new ApiKeyAuthenticationConverter();
 	}
 
 	/**
@@ -82,7 +82,8 @@ public McpApiKeyConfigurer apiKeyRepository(ApiKeyEntityRepository<?> apiKeyEnti
 	 * The name of the header from which to extract the API key. Defaults to
 	 * {@link org.springaicommunity.mcp.security.server.apikey.web.ApiKeyAuthenticationFilter#DEFAULT_API_KEY_HEADER}.
 	 * <p>
-	 * Overrides the value from {@link #authenticationConverter(AuthenticationConverter)}.
+	 * If {@link #authenticationConverter(AuthenticationConverter)} is set, then this is
+	 * ignored.
 	 */
 	public McpApiKeyConfigurer headerName(String headerName) {
 		this.headerName = headerName;

mcp-server-security/src/main/java/org/springaicommunity/mcp/security/server/config/package-info.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2025-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+@NullMarked
+package org.springaicommunity.mcp.security.server.config;
+
+import org.jspecify.annotations.NullMarked;