Package org.mockserver.netty.mcp
Class McpRequestProcessor
java.lang.Object
org.mockserver.netty.mcp.McpRequestProcessor
Transport-neutral MCP (Model Context Protocol) JSON-RPC request processor.
This class contains all the MCP protocol logic (JSON-RPC parsing, session management, tool/resource dispatch, response construction) without any dependency on a specific transport (Netty HTTP/1.1, HTTP/2, or HTTP/3).
Both McpStreamableHttpHandler (TCP path) and the HTTP/3 MCP dispatch in Http3MockServerHandler delegate to this processor.
Nested Class Summary
Nested Classes
static class McpRequestProcessor.McpResult - Result of processing an MCP request.
Constructor Summary
Constructors
McpRequestProcessor(HttpState httpState, LifeCycle server, McpSessionManager sessionManager)
Method Summary
Methods
getSessionManager - Returns the session manager used by this processor.
handleDelete(String mcpSessionId) - Process an MCP DELETE request.
handleGet - Process an MCP GET request (currently not supported -- returns 405).
handleOptions(boolean hasOrigin) - Process an MCP OPTIONS request (CORS preflight or method-not-allowed).
handlePost(String requestBody, String mcpSessionId) - Process an MCP POST request.
handlePost(String requestBody, String mcpSessionId, Set<String> scopes) - Process an MCP POST request, enforcing per-tool control-plane authorization for tools/call using the authenticated principal's verified scopes.
static boolean isMcpPath - Check if a path matches the MCP endpoint.
Constructor Details
McpRequestProcessor
Method Details
getSessionManager
Returns the session manager used by this processor.
isMcpPath
Check if a path matches the MCP endpoint.
handlePost
Process an MCP POST request. The request is authenticated by the transport handler BEFORE this is called; the principal's verified scopes are passed in so per-tool control-plane authorization can be enforced for tools/call (a mutating tool requires the MUTATE role, a reading tool the READ role). Equivalent to handlePost(String, String, java.util.Set) with null scopes, used by callers that do not (yet) carry an authenticated result.
Parameters:
requestBody - the raw JSON body
mcpSessionId - the Mcp-Session-Id header value (may be null)
Returns:
the result to write back
handlePost
public McpRequestProcessor.McpResult handlePost(String requestBody, String mcpSessionId, Set<String> scopes)
Process an MCP POST request, enforcing per-tool control-plane authorization for tools/call using the authenticated principal's verified scopes.
Authorization is delegated to HttpState.controlPlaneToolAuthorized(java.util.Set<java.lang.String>, boolean, java.lang.String) — the SAME authorizer/role model as the HTTP control plane — and is gated by controlPlaneAuthorizationEnabled: when that is off (the default), authorization always passes and behaviour is unchanged.
Parameters:
requestBody - the raw JSON body
mcpSessionId - the Mcp-Session-Id header value (may be null)
scopes - the authenticated principal's verified scopes (null when authorization is not enforced)
Returns:
the result to write back
handleDelete
Process an MCP DELETE request.
Parameters:
mcpSessionId - the Mcp-Session-Id header value
Returns:
the result to write back
handleGet
Process an MCP GET request (currently not supported -- returns 405).
Returns:
the result to write back
handleOptions
Process an MCP OPTIONS request (CORS preflight or method-not-allowed).
Parameters:
hasOrigin - whether the request has an Origin header
Returns:
the result to write back