Class McpSecurityConfig.SecurityTools

java.lang.Object
com.ssgllc.fish.config.mcp.McpSecurityConfig.SecurityTools
Enclosing class:
McpSecurityConfig

public static class McpSecurityConfig.SecurityTools extends Object
Tool implementations for security inspection.

Backed by SecurityQueryService, which reads from the in-memory permission cache built by PermissionCache.

  • Field Summary

    Fields
    | Modifier and Type | Field | Description |
    | --- | --- | --- |
    | protected final com.fasterxml.jackson.databind.ObjectMapper | mapper | |
  • Method Summary

    | Modifier and Type | Method | Description |
    | --- | --- | --- |
    | protected String | bytesToString(byte[] bytes) | Decodes a byte array to a UTF-8 string. |
    | protected String | errorJson(Exception e) | Produces a standard {"error":"<message>"} JSON response from an exception. |
    | String | getEntitySecurity(String entityType) | Returns the entity-level security profile including permission level bounds, attribute security expressions (per access type), and per-role assignments. |
    | String | getFieldSecurityForEntity(String entityType, String fieldName) | Returns field-level security for all configured fields on an entity, or for a single named field when fieldName is supplied. |
    | String | getRoleSecurity(String roleName) | Resolves the full role inheritance hierarchy via BFS and returns the highest effective access level per entity across the entire ancestor chain. |
    | String | getUserDetails(String userLogin) | Looks up the user in the application user cache and evaluates all casetivity.properties userTokenFields SpEL expressions against the user entity to produce the custom attribute map. |
    | protected String | handleTool(Callable<Object> action) | Invokes action, serializes the result with toJson(java.lang.Object), and returns it. |
    | String | listRoles() | Returns a flat list of all roles currently loaded in the permission cache. |
    | protected String | toJson(Object value) | Serializes value to a compact JSON string (no indent). |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • mapper

      protected final com.fasterxml.jackson.databind.ObjectMapper mapper
  • Method Details

    • getEntitySecurity

      @Tool(name="get-entity-security", description="Get role-based and attribute security config for an entity type.")
      public String getEntitySecurity(@ToolParam(description="Entity type name") String entityType)
      Returns the entity-level security profile including permission level bounds, attribute security expressions (per access type), and per-role assignments. Role assignments include direct parent role names resolved from the cache.
      Parameters:
      entityType - entity type name as it appears in the data model
      Returns:
      JSON object with keys minLevel, maxLevel, attributeSecurity, and rolePermissions
    • getFieldSecurityForEntity

      @Tool(name="get-field-security-for-entity", description="Get field-level security config for an entity type.")
      public String getFieldSecurityForEntity(@ToolParam(description="Entity type name") String entityType, @ToolParam(required=false,description="Single field name, or omit for all") String fieldName)
      Returns field-level security for all configured fields on an entity, or for a single named field when fieldName is supplied. Each result has the same structure as the entity-level security profile, scoped to an individual field's permissions.
      Parameters:
      entityType - entity type name
      fieldName - optional field name filter; null returns all fields
      Returns:
      JSON array of field security objects, each with keys fieldName, minLevel, maxLevel, attributeSecurity, and rolePermissions
    • getRoleSecurity

      @Tool(name="get-role-security", description="Get effective entity permissions for a role, resolving full inheritance hierarchy.")
      public String getRoleSecurity(@ToolParam(description="Role name") String roleName)
      Resolves the full role inheritance hierarchy via BFS and returns the highest effective access level per entity across the entire ancestor chain. When an inherited role (not the queried role itself) grants the effective level, the grantedBy field names that ancestor role.
      Parameters:
      roleName - role name as stored in the permission cache (e.g. ROLE_ADMIN)
      Returns:
      JSON object with keys role, directParents, entityPermissions, and fieldPermissionCounts
    • listRoles

      @Tool(name="list-roles", description="List all roles with name, displayName, description, and direct parents.")
      public String listRoles()
      Returns a flat list of all roles currently loaded in the permission cache. Direct parent names come from PermissionCache.getDirectParents(java.lang.String).
      Returns:
      JSON array of role objects, each with keys name, displayName, description, and directParents
    • getUserDetails

      @Tool(name="get-user-details", description="Get user properties, effective roles, and custom userTokenFields attributes.")
      public String getUserDetails(@ToolParam(description="User login") String userLogin)
      Looks up the user in the application user cache and evaluates all casetivity.properties userTokenFields SpEL expressions against the user entity to produce the custom attribute map.
      Parameters:
      userLogin - application login name (case-sensitive)
      Returns:
      JSON object with keys login, displayName, email, active, roles, and customProperties
    • toJson

      protected String toJson(Object value)
      Serializes value to a compact JSON string (no indent). Returns {"error":"serialization failed"} if serialization throws.
      Parameters:
      value - the object to serialize; may be null
      Returns:
      compact JSON string
    • bytesToString

      protected String bytesToString(byte[] bytes)
      Decodes a byte array to a UTF-8 string. Used to convert binary report output to a returnable string.
      Parameters:
      bytes - raw bytes
      Returns:
      decoded string
    • handleTool

      protected String handleTool(Callable<Object> action)
      Invokes action, serializes the result with toJson(java.lang.Object), and returns it. Any exception thrown by the action is caught and converted to a standard {"error":"<message>"} response via errorJson(java.lang.Exception). Use this in every @Tool method to eliminate identical try/catch boilerplate.
      Parameters:
      action - the tool logic to invoke; may throw any exception
      Returns:
      compact JSON string — the serialized result on success, or an error object on failure
    • errorJson

      protected String errorJson(Exception e)
      Produces a standard {"error":"<message>"} JSON response from an exception. Falls back to the simple class name when Throwable.getMessage() is null.
      Parameters:
      e - the exception to convert
      Returns:
      JSON error string
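
The resolution that getRoleSecurity describes (BFS over the ancestor chain, highest level per entity, grantedBy naming the ancestor that supplies it) is shown here as an added example; it is not the project's own code. The map-based stand-ins for the permission cache, the integer levels where a higher number means broader access, the tie-break in favour of the role nearest the queried one, and the cycle guard are all assumptions.

```java
import java.util.*;

// Added illustration; not the project's SecurityQueryService or PermissionCache code.
public class RoleInheritanceExample {

    // Effective access on one entity; grantedBy is null when the queried role grants it directly.
    record Effective(int level, String grantedBy) {}

    // parents: role -> direct parent roles; grants: role -> (entity -> level).
    // Both maps are hypothetical stand-ins for the permission cache; higher level = broader access.
    static Map<String, Effective> resolve(String role,
                                          Map<String, List<String>> parents,
                                          Map<String, Map<String, Integer>> grants) {
        Map<String, Effective> result = new TreeMap<>();
        Set<String> visited = new HashSet<>(Set.of(role));   // guards against inheritance cycles
        Deque<String> queue = new ArrayDeque<>(List.of(role));
        while (!queue.isEmpty()) {
            String current = queue.poll();
            grants.getOrDefault(current, Map.of()).forEach((entity, level) -> {
                Effective best = result.get(entity);
                // Strictly greater (assumed tie-break): the role nearest the queried role keeps the grant.
                if (best == null || level > best.level()) {
                    result.put(entity, new Effective(level, current.equals(role) ? null : current));
                }
            });
            for (String parent : parents.getOrDefault(current, List.of())) {
                if (visited.add(parent)) queue.add(parent);   // enqueue each ancestor once
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data: ROLE_CLERK -> ROLE_STAFF -> ROLE_BASE, with a cycle back to ROLE_CLERK.
        Map<String, List<String>> parents = Map.of(
            "ROLE_CLERK", List.of("ROLE_STAFF"),
            "ROLE_STAFF", List.of("ROLE_BASE"),
            "ROLE_BASE", List.of("ROLE_CLERK"));
        Map<String, Map<String, Integer>> grants = Map.of(
            "ROLE_CLERK", Map.of("Case", 1),
            "ROLE_STAFF", Map.of("Case", 3, "Person", 2),
            "ROLE_BASE", Map.of("Person", 2, "AuditLog", 4));
        resolve("ROLE_CLERK", parents, grants).forEach((entity, e) ->
            System.out.println(entity + " level=" + e.level() + " grantedBy=" + e.grantedBy()));
    }
}
```

When reviewing a role, the entries with a non-null grantedBy are the ones to check first: they show access the role holds only through inheritance, which is where unintended privilege usually enters.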