Merge branch 'feature-context-path' of https://github.com/fmgit00/mcp-security into feature-context-path

Author: fmgit00

README.md

@@ -49,7 +49,7 @@ This module is compatible with Spring WebMVC-based servers only.
     <dependency>
         <groupId>org.springaicommunity</groupId>
         <artifactId>mcp-server-security</artifactId>
-        <version>0.0.3</version>
+        <version>0.0.4</version>
     </dependency>
     <dependency>
         <groupId>org.springframework.boot</groupId>
@@ -69,7 +69,7 @@ This module is compatible with Spring WebMVC-based servers only.
 *Gradle*
 
 ```groovy
-implementation("org.springaicommunity:mcp-server-security:0.0.3")
+implementation("org.springaicommunity:mcp-server-security:0.0.4")
 implementation("org.springframework.boot:spring-boot-starter-security")
 
 // OPTIONAL
@@ -323,14 +323,14 @@ This module supports `McpSyncClient`s only.
 <dependency>
     <groupId>org.springaicommunity</groupId>
     <artifactId>mcp-client-security</artifactId>
-    <version>0.0.3</version>
+    <version>0.0.4</version>
 </dependency>
 ```
 
 *Gradle*
 
 ```groovy
-implementation("org.springaicommunity:mcp-client-security:0.0.3")
+implementation("org.springaicommunity:mcp-client-security:0.0.4")
 ```
 
 ### Authorization flows
@@ -370,6 +370,8 @@ Depending on the flow you chose (see above), you may need one or both client reg
 ```properties
 # Ensure MCP clients are sync
 spring.ai.mcp.client.type=SYNC
+# Ensure that you do not initialize the clients on startup
+spring.ai.mcp.client.initialized=false
 #
 #
 # For obtaining tokens for calling the tool
@@ -507,6 +509,27 @@ class McpConfiguration {
 }
 ```
 
+### Use with streaming chat client
+
+When using the `.stream()` method of the chat client, you will be using Reactor under the hood. Reactor does not
+guarantee on which thread the work is executed, and will lose thread locals. You need to manually extract the
+information and inject it in the Reactor context:
+
+```java
+class Example {
+
+    void doTheThing() {
+        chatClient
+            .prompt("<your prompt>")
+            .stream()
+            .content()
+            // ... any streaming operation ...
+            .contextWrite(AuthenticationMcpTransportContextProvider.writeToReactorContext());
+    }
+
+}
+```
+
 ### Customize HTTP requests beyond MCP Security's OAuth2 support
 
 MCP Security's default client support integrates with Spring Security to add OAuth2 support. Essentially, it gets a
@@ -560,7 +583,8 @@ As such, thread-locals are not available in these lambda functions.
 If you would like to use thread-locals in this context, use a `McpTransportContextProvider` bean.
 It can extract thread-locals and make them available in an `McpTransportContext` object.
 
-For HttpClient-based request customizers, the `McpTransportContext` will be available in the `customize` method. See, for example, with a Sync client (async works similarly):
+For HttpClient-based request customizers, the `McpTransportContext` will be available in the `customize` method. See,
+for example, with a Sync client (async works similarly):
 
 ```java
 
@@ -619,41 +643,9 @@ class McpConfiguration {
 }
 ```
 
-### Work around Spring AI autoconfiguration
-
-Spring AI integrates MCP tools as if they were regular "tools" (e.g. `@Tool` methods).
-As such, they are discovered when application starts up.
-This means that any MCP client that is configured through configuration properties, such
-as `spring.ai.mcp.client.streamable-http.connections.<SERVER-NAME>.url=...` will be initialized.
-In practice, there will be multiple calls issued to the MCP Server (`initialize` followed by `tools/list`).
-The server will require a token for these calls, and, without a user present, this is an issue in the general case.
-
-To avoid this, you first need to ensure that the clients are not initialized on startup.
-You can do so by setting the property `spring.ai.mcp.client.initialized=false`.
-Then, you need to ensure tools are not listed. There are a few ways to avoid this:
-
-**Disable the @Tool auto-configuration**
-
-You can turn off Spring AI's `@Tool` autoconfiguration altogether.
-This will disable all method and function-based tool calling, and only MCP tools will be available.
-The easiest way to do so is to publish an empty `ToolCallbackResolver` bean:
-
-```java
-
-@Configuration
-public class McpConfiguration {
-
-    @Bean
-    ToolCallbackResolver resolver() {
-        return new StaticToolCallbackResolver(List.of());
-    }
-
-}
-```
-
-**Programmatically configure MCP clients**
+### Programmatically configure MCP clients
 
-You may also forego Spring AI's autoconfiguration altogether, and create the MCP clients programmatically.
+If you'd like to use Spring AI's autoconfiguration altogether, you can create the MCP clients programmatically.
 The easiest way is to draw some inspiration on the transport
 auto-configurations ([HttpClient](https://github.com/spring-projects/spring-ai/blob/main/auto-configurations/mcp/spring-ai-autoconfigure-mcp-client-httpclient/src/main/java/org/springframework/ai/mcp/client/httpclient/autoconfigure/StreamableHttpHttpClientTransportAutoConfiguration.java), [WebClient](https://github.com/spring-projects/spring-ai/blob/main/auto-configurations/mcp/spring-ai-autoconfigure-mcp-client-webflux/src/main/java/org/springframework/ai/mcp/client/webflux/autoconfigure/StreamableHttpWebFluxTransportAutoConfiguration.java))
 as well as
@@ -723,7 +715,7 @@ var chatResponse = chatClient.prompt("Prompt the LLM to _do the thing_")
 - Spring WebFlux servers are not supported.
 - Spring AI autoconfiguration initializes the MCP client app start.
   Most MCP servers want calls to be authenticated with a token, so you
-  need to work around the Spring AI auto-config ([see the workaround above](#work-around-spring-ai-autoconfiguration))
+  need to turn initialization off with `spring.ai.mcp.client.initialized=false`.
 
 Note:
 
@@ -747,14 +739,14 @@ It provides a simple configurer for an MCP server.
 <dependency>
     <groupId>org.springaicommunity</groupId>
     <artifactId>mcp-authorization-server</artifactId>
-    <version>0.0.3</version>
+    <version>0.0.4</version>
 </dependency>
 ```
 
 *Gradle*
 
 ```groovy
-implementation("org.springaicommunity:mcp-authorization-server:0.0.3")
+implementation("org.springaicommunity:mcp-authorization-server:0.0.4")
 ```
 
 ### Usage

mcp-authorization-server/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springaicommunity</groupId>
         <artifactId>mcp-security-parent</artifactId>
-        <version>0.0.4-SNAPSHOT</version>
+        <version>0.0.5-SNAPSHOT</version>
     </parent>
 
     <artifactId>mcp-authorization-server</artifactId>

mcp-client-security/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springaicommunity</groupId>
         <artifactId>mcp-security-parent</artifactId>
-        <version>0.0.4-SNAPSHOT</version>
+        <version>0.0.5-SNAPSHOT</version>
     </parent>
 
     <artifactId>mcp-client-security</artifactId>
@@ -83,6 +83,11 @@
             <artifactId>spring-webflux</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.ai</groupId>
+            <artifactId>spring-ai-model</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>jakarta.servlet</groupId>
             <artifactId>jakarta.servlet-api</artifactId>

mcp-client-security/src/main/java/org/springaicommunity/mcp/security/client/sync/AuthenticationMcpTransportContextProvider.java

@@ -16,26 +16,120 @@
 
 package org.springaicommunity.mcp.security.client.sync;
 
-import io.modelcontextprotocol.common.McpTransportContext;
+import java.net.http.HttpClient;
 import java.util.HashMap;
 import java.util.function.Supplier;
 
+import io.modelcontextprotocol.client.transport.customizer.McpAsyncHttpClientRequestCustomizer;
+import io.modelcontextprotocol.client.transport.customizer.McpSyncHttpClientRequestCustomizer;
+import io.modelcontextprotocol.common.McpTransportContext;
+import org.springaicommunity.mcp.security.client.sync.oauth2.http.client.OAuth2AuthorizationCodeSyncHttpRequestCustomizer;
+import org.springaicommunity.mcp.security.client.sync.oauth2.http.client.OAuth2HybridSyncHttpRequestCustomizer;
+import org.springaicommunity.mcp.security.client.sync.oauth2.webclient.McpOAuth2AuthorizationCodeExchangeFilterFunction;
+import org.springaicommunity.mcp.security.client.sync.oauth2.webclient.McpOAuth2HybridExchangeFilterFunction;
+import reactor.util.context.Context;
+import reactor.util.context.ContextView;
+
+import org.springframework.ai.model.tool.internal.ToolCallReactiveContextHolder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
+import org.springframework.web.reactive.function.client.WebClient;
 
 /**
+ * A supplier that extracts security-related information from the "context", and make it
+ * available to MCP clients when they send requests to MCP servers. It extracts request
+ * attributes and the current authentication object. In Servlet application, this is
+ * achieved with {@link SecurityContextHolder} and {@link RequestContextHolder}.
+ * <p>
+ * This can be used in conjunction with {@link McpSyncHttpClientRequestCustomizer} and
+ * {@link McpAsyncHttpClientRequestCustomizer} for {@link HttpClient}-based transports,
+ * and with {@link ExchangeFilterFunction} for {@link WebClient}-based transports.
+ * <p>
+ * This is usually used through a Spring AI {@code McpSyncClientCustomizer} or
+ * {@code McpAsyncClientCustomizer}, like so:
+ *
+ * <pre>
+ * &#x40;Bean
+ * McpSyncClientCustomizer syncClientCustomizer() {
+ *   return (name, syncSpec) -> syncSpec
+ *     .transportContextProvider(
+ *       new AuthenticationMcpTransportContextProvider()
+ *     );
+ * }
+ * </pre>
+ *
+ * <p>
+ * When using Spring's {@code ChatClient} "streaming" capabilities, you must also use
+ * {@link #writeToReactorContext()} to make thread-locals available in the stream's
+ * reactor context:
+ *
+ * <pre>
+ * chatClient
+ *     .prompt("your LLM prompt")
+ *     .stream()
+ *     .content()
+ *     .contextWrite(AuthenticationMcpTransportContextProvider.writeToReactorContext())
+ *     // ...
+ * </pre>
+ *
  * @author Daniel Garnier-Moiroux
+ * @see OAuth2AuthorizationCodeSyncHttpRequestCustomizer
+ * @see OAuth2HybridSyncHttpRequestCustomizer
+ * @see McpOAuth2AuthorizationCodeExchangeFilterFunction
+ * @see McpOAuth2HybridExchangeFilterFunction
  */
 public class AuthenticationMcpTransportContextProvider implements Supplier<McpTransportContext> {
 
 	public static final String AUTHENTICATION_KEY = Authentication.class.getName();
 
 	public static final String REQUEST_ATTRIBUTES_KEY = RequestAttributes.class.getName();
 
+	public static final String REACTOR_CONTEXT_KEY = "org.springaicommunity.mcp.security.client.sync.REACTOR_CONTEXT";
+
+	private final boolean reactiveContextHolderAvailable;
+
+	public AuthenticationMcpTransportContextProvider() {
+		boolean reactiveContextHolderAvailable = false;
+		try {
+			Class.forName("org.springframework.ai.model.tool.internal.ToolCallReactiveContextHolder");
+			reactiveContextHolderAvailable = true;
+		}
+		catch (ClassNotFoundException ignored) {
+		}
+		this.reactiveContextHolderAvailable = reactiveContextHolderAvailable;
+	}
+
+	/**
+	 * Helper function to write to thread-locals to the reactor context. Use it on your
+	 * reactive {@code ChatClient} operations, such as
+	 * {@code chatClient.prompt("...").stream().content()}.
+	 * <p>
+	 * Do NOT use if Reactor is not on the classpath.
+	 */
+	public static ContextView writeToReactorContext() {
+		return Context.empty().put(REACTOR_CONTEXT_KEY, fromThreadLocals());
+	}
+
+	/**
+	 * Read authentication and request data from thread-locals. If they are not available,
+	 * and a Spring AI {@code ToolCallReactiveContextHolder} is available on the
+	 * classpath, it will try to access the values there.
+	 */
 	@Override
 	public McpTransportContext get() {
+		var transportContext = fromThreadLocals();
+
+		if (this.reactiveContextHolderAvailable && transportContext == McpTransportContext.EMPTY) {
+			transportContext = fromToolCallReactiveContextHolder();
+		}
+
+		return transportContext;
+	}
+
+	private static McpTransportContext fromThreadLocals() {
 		var data = new HashMap<String, Object>();
 
 		var securityContext = SecurityContextHolder.getContext();
@@ -48,7 +142,19 @@ public McpTransportContext get() {
 			data.put(REQUEST_ATTRIBUTES_KEY, requestAttributes);
 		}
 
+		if (data.isEmpty()) {
+			return McpTransportContext.EMPTY;
+		}
+
 		return McpTransportContext.create(data);
 	}
 
+	private static McpTransportContext fromToolCallReactiveContextHolder() {
+		var reactorContext = ToolCallReactiveContextHolder.getContext();
+		if (reactorContext == Context.empty()) {
+			return McpTransportContext.EMPTY;
+		}
+		return reactorContext.getOrDefault(REACTOR_CONTEXT_KEY, McpTransportContext.EMPTY);
+	}
+
 }

mcp-server-security/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springaicommunity</groupId>
         <artifactId>mcp-security-parent</artifactId>
-        <version>0.0.4-SNAPSHOT</version>
+        <version>0.0.5-SNAPSHOT</version>
     </parent>
 
     <artifactId>mcp-server-security</artifactId>

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.springaicommunity</groupId>
     <artifactId>mcp-security-parent</artifactId>
-    <version>0.0.4-SNAPSHOT</version>
+    <version>0.0.5-SNAPSHOT</version>
 
     <packaging>pom</packaging>
     <url>https://github.com/spring-ai-community/mcp-security</url>
@@ -74,7 +74,7 @@
         <maven.compiler.target>17</maven.compiler.target>
 
         <mcp.java.sdk.version>0.15.0</mcp.java.sdk.version>
-        <spring-ai.version>1.1.0-M4</spring-ai.version>
+        <spring-ai.version>1.1.0</spring-ai.version>
         <spring-boot.version>3.5.4</spring-boot.version>
 
         <!-- plugin versions -->

samples/integration-tests/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springaicommunity</groupId>
         <artifactId>mcp-security-parent</artifactId>
-        <version>0.0.4-SNAPSHOT</version>
+        <version>0.0.5-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
@@ -41,14 +41,17 @@
         <dependency>
             <groupId>org.springaicommunity</groupId>
             <artifactId>mcp-server-security</artifactId>
-            <version>0.0.4-SNAPSHOT</version>
+            <version>0.0.5-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>org.springaicommunity</groupId>
             <artifactId>mcp-client-security</artifactId>
-            <version>0.0.4-SNAPSHOT</version>
+            <version>0.0.5-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.ai</groupId>
+            <artifactId>spring-ai-starter-model-anthropic</artifactId>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.experimental.boot</groupId>
             <artifactId>spring-boot-testjars</artifactId>