streamable-http-mcp-server
Verified Safe
by daydayup-zyn
Overview
This project provides a Spring Boot starter for integrating MCP (Model Context Protocol) services, enabling developers to define HTTP API functions using annotations.
Installation
mvn spring-boot:run -pl streamable-http-mcp-demo
Security Notes
The server dynamically invokes methods based on user input (the tool name and arguments). Invocation is constrained to methods explicitly annotated with `@McpFunction` on registered Spring beans, which limits the attack surface to the defined functions. Parameter conversion is basic and limited to primitive types. There are no obvious `eval` or arbitrary code execution vulnerabilities. The use of `ThreadLocal` for `HttpServletRequest` is standard. The project notes compatibility with Spring Boot 2.1.x, an old version that might pose security risks if not updated and patched properly; this is an environmental concern, not a code-level vulnerability in the provided snippets.
Similar Servers
infobip-openapi-mcp
Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.
MCP-Client-Host-Java
An MCP (Model Context Protocol) client that acts as a server to the MCP host, managing connections to various external MCP servers (tools) and orchestrating tool discovery and execution for AI assistants.
MCP-Server
Provides a calculator tool via the Model Context Protocol (MCP) for inter-process communication, typically serving AI agents or other applications requiring specialized tooling.
spring-ai-demo-mcp-server
A lightweight demo server exposing simple CRUD tools for 'Person' data via STDIO, integrated with AI models using Spring AI's Model Context Protocol (MCP).