Package com.onec.mcp

Class McpSecurityConfiguration

java.lang.Object
com.onec.mcp.McpSecurityConfiguration

@AutoConfiguration
@ConditionalOnClass(org.springframework.security.web.SecurityFilterChain.class)
@EnableConfigurationProperties(OnecMcpProperties.class)
@ConditionalOnProperty(prefix="onec.mcp", name="enabled", havingValue="true", matchIfMissing=true)
public class McpSecurityConfiguration
extends Object

Contributes a dedicated, high-precedence SecurityFilterChain scoped to the MCP endpoint. It requires HTTP Basic authentication, reusing whatever UserDetailsService/AuthenticationManager the application already has (e.g. from onec-auth-starter), so MCP callers map onto the same users and roles the rest of the system enforces.

The chain is securityMatcher-scoped to onec.mcp.endpoint and ordered ahead of the application's catch-all chain, so it governs only MCP traffic and leaves the existing UI/API security untouched. It is stateless and CSRF-exempt because MCP clients authenticate per request rather than via a browser session.
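
The layout described above, sketched as an added example (not the starter's own source): a scoped, stateless Basic-auth chain ordered ahead of a stand-in catch-all chain that keeps sessions and CSRF protection. The class and bean names, the `/mcp` fallback value, the sub-path pattern and the form-login catch-all are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Illustrative sketch only: names and the "/mcp" fallback are assumptions.
@Configuration
class ExampleSecurityLayout {

    // Scoped chain: consulted first, but it only claims requests under the
    // MCP endpoint, so every other request falls through to the next chain.
    @Bean
    @Order(1)
    SecurityFilterChain exampleMcpChain(HttpSecurity http,
            @Value("${onec.mcp.endpoint:/mcp}") String endpoint) throws Exception {
        http.securityMatcher(endpoint, endpoint + "/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Basic credentials are checked against the UserDetailsService or
            // AuthenticationManager bean the application already exposes.
            .httpBasic(Customizer.withDefaults())
            // Credentials travel in a header on every request, never in a
            // session cookie, so there is no ambient credential for CSRF.
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(s ->
                s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return http.build();
    }

    // Stand-in for the application's catch-all chain: no securityMatcher,
    // lower precedence, sessions and CSRF protection left at their defaults.
    @Bean
    @Order(100)
    SecurityFilterChain exampleAppChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

Because the first matching chain handles a request exclusively, a matcher that is too narrow leaves MCP sub-paths to the catch-all chain, and one that is too broad removes CSRF protection from browser-facing routes.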

  • Constructor Details

    • McpSecurityConfiguration

      public McpSecurityConfiguration()
  • Method Details

    • onecMcpSecurityFilterChain

      @Bean
      @Order(1)
      public org.springframework.security.web.SecurityFilterChain onecMcpSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, OnecMcpProperties properties) throws Exception
      Throws:
      Exception