McpServerRestAPI
by venkatmadala9
Overview
A Spring Boot REST API server that integrates with external logistics/shipment APIs, secures communication via OAuth2, and provides natural language processing capabilities using Spring AI with tool calling.
Installation
mvn spring-boot:runEnvironment Variables
- security.oauth2.skew-seconds
- security.oauth2.token-uri
- security.oauth2.client-id
- security.oauth2.client-secret
- security.oauth2.grant-type
- security.oauth2.username
- security.oauth2.password
- security.oauth2.scope
- security.oauth2.basic-auth-for-client
- api.base.url
Security Notes
The application explicitly disables SSL certificate validation and hostname verification (`TrustAllStrategy.INSTANCE`, `NoopHostnameVerifier.INSTANCE`) for all `RestClient` instances configured via `RestClientConfig`. This is a critical security vulnerability, making the application highly susceptible to Man-in-the-Middle attacks against both the OAuth2 token endpoint and the external API. It should not be used in production or with sensitive data. Additionally, the `APIService` contains a hardcoded internal IP address (`http://dbslsp-stg01-fr4:8083`) and a `getShipment` method with a literal `Bearer ${token}` authorization header, which would prevent successful authentication if that particular tool were enabled and called.
Similar Servers
hello-spring-mcp-server
This server provides a set of tools for AI agents to query employee skills and retrieve employees based on specific skills from an in-memory dataset.
oauth2-authorization-server
An OAuth2 Authorization Server providing user authentication, authorization, AI-powered chat and RAG functionalities, web scraping, and file storage.
springai-mcp-gateway
An OAuth 2.1 secured Spring AI MCP gateway enabling ChatGPT Connectors to interact with local development tools via a streamable HTTP endpoint.
MCP-Client-Host-Java
An MCP (Model Context Protocol) client that acts as a server to the MCP host, managing connections to various external MCP servers (tools) and orchestrating tool discovery and execution for AI assistants.