springai-mcp-gateway
Verified Safeby oalles
Overview
An OAuth 2.1 secured Spring AI MCP gateway enabling ChatGPT Connectors to interact with local development tools via a streamable HTTP endpoint.
Installation
mvn -q -pl mcp-gateway spring-boot:runEnvironment Variables
- SERVER_PORT
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
- SPRING_AI_*
Security Notes
The project is explicitly labeled as a 'learning and integration reference' and 'not meant to be a production-grade gateway'. Security relaxations are made for simplicity, including disabled CSRF protection and broadly configured CORS (allowing all origins, methods, and headers with credentials). It uses a hardcoded in-memory user ('omar/secret') and a client ID ('springai-gateway-client') for the Authorization Server demo, with explicit warnings against using these in production. While transparent about these known issues, they represent significant vulnerabilities if deployed without modification. The use of Cloudflare Tunnel for exposure offers some network security benefits.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
infobip-openapi-mcp
Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.
oauth2-authorization-server
An OAuth2 Authorization Server managing user authentication, user data, PostgreSQL to Oracle database migration/scripting, AI chat with various models, file storage, and Excel processing.
MCP-Client-Host-Java
An MCP (Model Context Protocol) client that acts as a server to the MCP host, managing connections to various external MCP servers (tools) and orchestrating tool discovery and execution for AI assistants.