You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've spent the past few days reading more about MCP, and I now realize that my original question was based on a misunderstanding. It seems that the env map I wanted to pass from the MCP client to the MCP server only applies to local/shell-based MCP clients, not to remote MCP servers configured via the url setting. (correct me if I'm wrong)
What I'm really trying to figure out is how to handle authentication for tool/method invocation. MCP clients can provide API keys if configured to do so, and these keys are passed as @ToolParam correctly. However, this approach can be risky — if the LLM inserts the wrong API key, it could lead to unintended operations on a project or context that the user didn't intend to affect.
A quick fix idea I had is to include a query parameter (e.g., project ID or user ID) in the MCP server url. This way, when you receive an API key via @ToolParam, you can validate that it matches the expected identity from the URL query parameters. This avoids exposing secrets like API keys in the url directly and adds a safeguard against the LLM misbehaving.
Original question:
Hey there,
I'm playing around with the Spring MCP server and I cannot find a way to get an environment map in @Tool annotated methods. I couldn't find anything about this in MCP server documentation but I see there is support for env on the MCP client side.
I tried to use @ToolParam with the exact name of the key from the env map but it never worked. I'm sure there must be another way to get env values without relying on LLM intelligence in this matter.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Update:
I've spent the past few days reading more about MCP, and I now realize that my original question was based on a misunderstanding. It seems that the
envmap I wanted to pass from the MCP client to the MCP server only applies to local/shell-based MCP clients, not to remote MCP servers configured via theurlsetting. (correct me if I'm wrong)What I'm really trying to figure out is how to handle authentication for tool/method invocation. MCP clients can provide API keys if configured to do so, and these keys are passed as
@ToolParamcorrectly. However, this approach can be risky — if the LLM inserts the wrong API key, it could lead to unintended operations on a project or context that the user didn't intend to affect.A quick fix idea I had is to include a query parameter (e.g., project ID or user ID) in the MCP server url. This way, when you receive an API key via
@ToolParam, you can validate that it matches the expected identity from the URL query parameters. This avoids exposing secrets like API keys in the url directly and adds a safeguard against the LLM misbehaving.Original question:
Hey there,
I'm playing around with the Spring MCP server and I cannot find a way to get an environment map in
@Toolannotated methods. I couldn't find anything about this in MCP server documentation but I see there is support forenvon the MCP client side.I tried to use
@ToolParamwith the exact name of the key from theenvmap but it never worked. I'm sure there must be another way to getenvvalues without relying on LLM intelligence in this matter.Example MCP server configuration in client:
{ "mcpServers": { "spring-boot-mcp-server": { "url": "http://localhost:8080/mcp/events", "env": { "API_KEY": "my-private-api-key" } } } }Example tool/method:
Beta Was this translation helpful? Give feedback.
All reactions