I've built a remote MCP server in production (Spring Boot + OAuth 2.0 + PKCE + RFC 8414 discovery + tool access control) and I'm thinking of open sourcing it as a starter template.
Everything I've found is either Node.js, Python, or only covers the basic stdio transport with no auth. Is this something Java devs are actually struggling with? Would a Spring Boot starter with auth baked in be useful to you?
Open to feedback and suggestions.
Top comments (5)
This is definitely a gap.
Most MCP examples are either Node-based or skip auth entirely, which makes them useless for real-world apps.
For Java devs, setting up OAuth2 + PKCE + access control from scratch is where things slow down.
A production-ready Spring Boot starter would save a lot of time here, especially if it’s opinionated and quick to run.
Curious, are you planning to keep it minimal or include things like role-based tool access and multi-tenant support?
The version which I've built for production is role-based access to tool and multi tenant, you can pass your keys in params and mcp server will pick those params inside the tools.
I’d really appreciate the chance to connect and discuss this further with you.
That makes sense. Role-based access + multi-tenancy is where it actually becomes usable in production.
One thing I’ve noticed though, most teams don’t struggle with MCP itself, they struggle with everything around it:
That’s usually where timelines blow up.
If your starter makes those parts trivial and not just “supported”, it’ll be genuinely useful.
Curious how opinionated you’re planning to go on auth and tenancy? Or keeping it flexible?
I want to make it as flexible as possible and as easy to implement as possible.
Can we connect over a quick google meet call?
I found your comment really helpful and wanted more suggestions on this.
Happy to connect, but I think you’ll get more value if you push this a bit further first.
If you try to make it “fully flexible”, it’ll end up like most starters people don’t use.
The real value here is:
Flexibility can come later.
If you can get someone from zero → running secure MCP server in 10 minutes, that’s the win.
Share a first version once you have it, happy to take a deeper look then.