
对sse的访问路径进行放权

andyliu 1 mesiac pred
rodič
commit
af0bdf7efb

+ 2 - 2
pom.xml

@@ -101,10 +101,10 @@
             <!--<scope>runtime</scope>-->
         </dependency>
 
-        <!--<dependency>
+        <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
-        </dependency>-->
+        </dependency>
 
         <dependency>
             <groupId>org.hibernate.validator</groupId>

+ 47 - 0
src/main/java/com/shkpr/service/mcpcenterservice/KprMcpCenterServiceApplication.java

@@ -23,4 +23,51 @@ public class KprMcpCenterServiceApplication {
                 //.toolObjects(new MathMcpTool())
                 .build();
     }
+    /**
+     * 1) 现在cmd终点调用:curl -N -i -X GET "http://127.0.0.1:9100/kpr-mcp-center/sse"
+     *    以获取sessionId并保持连接
+     * 2) 以post方法调用:http://127.0.0.1:9100/kpr-mcp-center/sse/message?sessionId=xxx
+     *    ```
+     *    {
+     *   "jsonrpc": "2.0",
+     *   "id": 1,
+     *   "method": "initialize",
+     *   "params": {
+     *     "protocolVersion": "2025-06-18",
+     *     "capabilities": {},
+     *     "clientInfo": {
+     *       "name": "postman-client",
+     *       "version": "1.0.0"
+     *     }
+     *   }
+     *   }
+     *    ```
+     *  3) 以post方法调用:http://127.0.0.1:9100/kpr-mcp-center/sse/message?sessionId=xxx
+     *  ```
+     *  {
+     *   "jsonrpc": "2.0",
+     *   "method": "notifications/initialized"
+     *  }
+     *  ```
+     *  4) 以post方法调用:http://127.0.0.1:9100/kpr-mcp-center/sse/message?sessionId=xxx
+     *  ```
+     *  {
+     *   "jsonrpc": "2.0",
+     *   "id": 2,
+     *   "method": "tools/list"
+     * }
+     *  ```
+     *  5) 以post方法调用:http://127.0.0.1:9100/kpr-mcp-center/sse/message?sessionId=xxx
+     *  ```
+     *  {
+     *   "jsonrpc": "2.0",
+     *   "id": 2,
+     *   "method": "tools/call",
+     *   "params": {
+     *     "name": "add",
+     *     "arguments": {"a":10,"b":10}
+     *   }
+     * }
+     *  ```
+     */
 }
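Review bot: The Javadoc block added just before the class's closing brace is attached to no member, so the javadoc tool ignores it, and the ``` fences are Markdown that Javadoc would not render anyway. Since this is a manual test walkthrough, it reads better in the README, as a plain `/* ... */` comment, or on the class declaration with each payload wrapped in `<pre>{@code ...}</pre>`. Steps 4 and 5 both send `"id": 2`; a client replaying them in one session gets two responses it cannot tell apart, so step 5 should use `"id": 3`. The class itself starts outside this hunk.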

+ 25 - 0
src/main/java/com/shkpr/service/mcpcenterservice/configuration/McpSecurityConfig.java

@@ -0,0 +1,25 @@
+package com.shkpr.service.mcpcenterservice.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class McpSecurityConfig {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/kpr-mcp-center/sse").permitAll()
+                        .requestMatchers("/kpr-mcp-center/sse/message").permitAll()
+                        .requestMatchers("/").permitAll()
+                        .anyRequest().authenticated()
+                )
+                .csrf(csrf -> csrf.disable()); //MCP通常不需要 CSRF
+        return http.build();
+    }
+}
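Review bot: The two `permitAll()` matchers for `/kpr-mcp-center/sse` and `/kpr-mcp-center/sse/message` leave the whole MCP transport, including `tools/call`, reachable without authentication; the only gate left is the `sessionId`, which the open `/sse` endpoint hands to any caller. Unless the service is bound to loopback or sits behind an authenticating gateway (neither is visible here), these paths should stay under `.authenticated()` with a mechanism configured, for example `.httpBasic(Customizer.withDefaults())` or a bearer-token filter. As written the chain configures no authentication mechanism at all, so `.anyRequest().authenticated()` can only answer 403 for every other path. `@EnableGlobalMethodSecurity(prePostEnabled = true)` is deprecated in the Spring Security line that provides `requestMatchers`; `@EnableMethodSecurity` replaces it and enables pre/post annotations by default. The comment on `csrf.disable()` should state why it is safe (no cookie-based session login in this chain), because that stops holding if form login is added later.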