springai-mcp-gateway
Verified Safeby oalles
Overview
An OAuth 2.1 secured Spring AI MCP gateway enabling ChatGPT Connectors to interact with local development tools via a streamable HTTP endpoint.
Installation
mvn -q -pl mcp-gateway spring-boot:runEnvironment Variables
- SERVER_PORT
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
- SPRING_AI_*
Security Notes
The project is explicitly labeled as a 'learning and integration reference' and 'not meant to be a production-grade gateway'. Security relaxations are made for simplicity, including disabled CSRF protection and broadly configured CORS (allowing all origins, methods, and headers with credentials). It uses a hardcoded in-memory user ('omar/secret') and a client ID ('springai-gateway-client') for the Authorization Server demo, with explicit warnings against using these in production. While transparent about these known issues, they represent significant vulnerabilities if deployed without modification. The use of Cloudflare Tunnel for exposure offers some network security benefits.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.
mcp-openapi-server
Exposes OpenAPI endpoints as Model Context Protocol (MCP) tools, enabling Large Language Models (LLMs) to discover and interact with REST APIs through a standardized protocol.
mcp-servers
Provides a curated collection of Model Context Protocol (MCP) server configurations to enable AI agents to interact with various developer tools and services.
spring-rest-to-mcp
Transforms existing Spring Web REST APIs into Spring AI Model Context Protocol (MCP) server tools using OpenRewrite recipes.