🤖 AI Summary
The Spring AI community released an mcp-security incubator (v0.0.2) that lets Spring AI 1.1.x apps expose Model Context Protocol (MCP) servers with production-ready authentication. The module implements the MCP spec’s security requirements (every HTTP call must include Authorization: Bearer <token>), advertises trusted authorization servers via a /.well-known/oauth-protected-resource/mcp metadata endpoint, and plugs into Spring Security so MCP servers can act as OAuth2 resource servers (McpResourceServerConfigurer.mcpServerOAuth2()). The post includes a complete example: dependencies, properties (authorization.server.url), a SecurityFilterChain that enforces token auth and optional audience validation, and a sample greeter tool that reads the JWT sub claim from SecurityContext to personalize responses. The release is compatible with debugging tools like the MCP inspector and clients such as Claude Desktop and Cursor.
For environments without OAuth2 infra, the project also supports API-key flows through McpApiKeyConfigurer.mcpServerApiKey() and a pluggable ApiKeyEntityRepository (in-memory example provided). There’s also a companion mcp-authorization-server artifact to build an MCP-compatible Spring Authorization Server supporting dynamic client registration and resource indicators. Together, these additions make it straightforward for Spring developers to build spec-compliant, discoverable, and interoperable MCP servers — or opt for API-key fallbacks when OAuth2 isn’t available.
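The resource-server checks summarized above (public metadata document, Bearer token on every other call, audience validation, sub claim read by the greeter), modelled in plain Python as an added example; it is not code from the Spring post or the mcp-security module. The hostnames and secret are constructed, HS256 with a shared secret stands in for the JWKS-based signature verification a real deployment would use, and the 401 challenge follows RFC 9728's resource_metadata parameter.

```python
import base64, hashlib, hmac, json, time

RESOURCE = "https://mcp.example.com/mcp"   # constructed: this MCP server's identifier
ISSUER = "https://auth.example.com"        # constructed: trusted authorization server
METADATA_PATH = "/.well-known/oauth-protected-resource/mcp"
SECRET = b"demo-secret"  # assumption: HS256 stands in for JWKS signature checks

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=SECRET):
    """Build a constructed HS256 JWT so the demo runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify(token, now=None):
    """Return claims only if signature, issuer, audience and expiry all pass."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        aud = claims.get("aud", [])
        aud = [aud] if isinstance(aud, str) else aud
        ok = (claims.get("iss") == ISSUER and RESOURCE in aud
              and claims.get("exp", 0) > (now or time.time()))
    except (ValueError, AttributeError, TypeError):
        return None
    return claims if ok else None

def handle(path, headers):
    """Return (status, response headers, body) for one HTTP request."""
    if path == METADATA_PATH:  # discovery document is served without a token
        return 200, {}, {"resource": RESOURCE, "authorization_servers": [ISSUER]}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify(token) if scheme.lower() == "bearer" else None
    if claims is None:  # point the client at the metadata so it can find the issuer
        challenge = f'Bearer resource_metadata="https://mcp.example.com{METADATA_PATH}"'
        return 401, {"WWW-Authenticate": challenge}, None
    return 200, {}, {"greeting": f"Hello, {claims.get('sub')}"}
```

A token that is validly signed by the trusted issuer but minted for a different resource is rejected here, which is the case audience validation exists to catch.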