McpServerRestAPI
by venkatmadala9
Overview
A Spring Boot REST API server that integrates with external logistics/shipment APIs, secures communication via OAuth2, and provides natural language processing capabilities using Spring AI with tool calling.
Installation
mvn spring-boot:runEnvironment Variables
- security.oauth2.skew-seconds
- security.oauth2.token-uri
- security.oauth2.client-id
- security.oauth2.client-secret
- security.oauth2.grant-type
- security.oauth2.username
- security.oauth2.password
- security.oauth2.scope
- security.oauth2.basic-auth-for-client
- api.base.url
Security Notes
The application explicitly disables SSL certificate validation and hostname verification (`TrustAllStrategy.INSTANCE`, `NoopHostnameVerifier.INSTANCE`) for all `RestClient` instances configured via `RestClientConfig`. This is a critical security vulnerability, making the application highly susceptible to Man-in-the-Middle attacks against both the OAuth2 token endpoint and the external API. It should not be used in production or with sensitive data. Additionally, the `APIService` contains a hardcoded internal IP address (`http://dbslsp-stg01-fr4:8083`) and a `getShipment` method with a literal `Bearer ${token}` authorization header, which would prevent successful authentication if that particular tool were enabled and called.
Similar Servers
oauth2-authorization-server
An OAuth2 Authorization Server managing user authentication, user data, PostgreSQL to Oracle database migration/scripting, AI chat with various models, file storage, and Excel processing.
springai-mcp-gateway
An OAuth 2.1 secured Spring AI MCP gateway enabling ChatGPT Connectors to interact with local development tools via a streamable HTTP endpoint.
springboot-mcp-server
An AI-powered Spring Boot server for student management, demonstrating tool-use capabilities with an external large language model.
jira-mcp-server
A Spring Boot service providing OAuth2 authenticated tools for LLM agents to manage Jira issues and Confluence pages.