Skip to content

26.0.0.5 beta post#4800

Merged
navaneethsnair1 merged 4 commits into
stagingfrom
26.0.0.5-beta-post
May 6, 2026
Merged

26.0.0.5 beta post#4800
navaneethsnair1 merged 4 commits into
stagingfrom
26.0.0.5-beta-post

Conversation

@navaneethsnair1
Copy link
Copy Markdown
Contributor

@navaneethsnair1 navaneethsnair1 commented May 4, 2026

@navaneethsnair1 navaneethsnair1 marked this pull request as draft May 4, 2026 13:24
@arkarkala
Copy link
Copy Markdown
Member

arkarkala commented May 4, 2026

  1. The current Title - Transport Security - seems too high level and not convey the real updates (sounds like a new feature actually)
    How about - Update to TLS/SSL Cipher support

  2. Example Usage ----> is that supposed to say Existing Usage? (and showing 2 CUSTOMs and enabledCiphers is confusing).
    Let's remove the first entry for both.

@rangaran
Copy link
Copy Markdown

rangaran commented May 4, 2026

image

@navaneethsnair1 navaneethsnair1 marked this pull request as ready for review May 4, 2026 17:41
martindrozdz
martindrozdz reviewed May 5, 2026
View reviewed changes
Comment thread posts/2026-05-05-26.0.0.5-beta.adoc
Comment on lines +51 to +191
== Updates to `mcpServer-1.0`

The link:https://modelcontextprotocol.io/docs/getting-started/intro[Model Context Protocol (MCP)] is an open standard that enables AI applications to access real-time information from external sources. The Liberty MCP Server feature `mcpServer-1.0` allows developers to expose the business logic of their applications, allowing it to be integrated into agentic AI workflows.

This beta release of Liberty includes important updates to the `mcpServer-1.0` feature, including configurable endpoint paths and notable bug fixes.

=== Prerequisites
To use the `mcpServer-1.0` feature, it is required to have `Java 17` or later installed on your system.

=== Configure custom MCP endpoint paths (Currently disabled pending review - testing revealed inconsistent behavior across multiple modules)

Previously, the MCP endpoint was hard-coded to `/mcp` under the web application context root. You can now configure custom endpoint paths to better suit your application architecture and naming conventions.

==== Single Application Configuration

For a single application, configure the endpoint path directly in the `<mcpServer>` element:

[source,xml]
----
<server description="Liberty server with custom MCP endpoint">

<featureManager>
<feature>servlet-6.0</feature>
<feature>cdi-4.0</feature>
<feature>mcpServer-1.0</feature>
</featureManager>

<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443"/>

<!-- Configure custom MCP endpoint path -->
<mcpServer endpoint="/custom-mcp"/>

</server>
----

With this configuration, MCP server can be accessed at `/custom-mcp` instead of the default `/mcp` path.

==== Multiple Application Configuration

For applications with multiple modules or when you need different endpoint paths for different parts of your application, configure the MCP server settings under the `<application>` element:

[source,xml]
----
<server description="Liberty server with multiple MCP endpoints">

<featureManager>
<feature>servlet-6.0</feature>
<feature>cdi-4.0</feature>
<feature>mcpServer-1.0</feature>
</featureManager>

<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443"/>

<application name="myApp" location="myApp.ear" type="ear">
<!-- Configure MCP endpoint for specific module -->
<mcpServer moduleName="module1" name="default" path="/api/mcp"/>
<mcpServer moduleName="module2" name="default" path="/services/mcp"/>
</application>

</server>
----

This configuration supports the following:

* Define different endpoint paths for different modules within the same application
* Use descriptive paths that align with your API structure
* Support future extensibility for multiple MCP endpoints within a single module

==== Configuration Options

The `<mcpServer>` element supports the following attributes:

* *endpoint* (single app): The custom path for the MCP endpoint (e.g., `/custom-mcp`)
* *moduleName* (multi-app): The name of the module to configure
* *name* (multi-app): The identifier for the MCP server configuration (typically "default")
* *path* (multi-app): The custom path for the MCP endpoint

==== Benefits

Configurable endpoint paths provide:

* *Flexibility*: Align MCP endpoints with your existing API structure
* *Multi-tenancy support*: Different paths for different applications or modules
* *Future-proofing*: Foundation for supporting multiple MCP endpoints per application
* *Better organization*: Descriptive paths that reflect the purpose of each endpoint

=== Notable bug fixes in this release for `mcpServer-1.0`

==== 1) Structured content output schemas now comply with MCP specification

The MCP specification requires that structured content output schemas must have an object type at the root level. Previously, when arrays of objects are returned, the schema incorrectly placed the array at the root level.

*Previous Behavior (Incorrect):*
[source,json]
----
{
"outputSchema": {
"description": "Returns list of person object",
"type": "array",
"items": {
"$ref": "#/$defs/Person"
}
}
}
----

*Current Behavior (Correct):*
[source,json]
----
{
"outputSchema": {
"description": "Returns Persons object",
"type": "object",
"properties": {
"persons": {
"type": "array",
"items": {
"$ref": "#/$defs/Person"
}
}
}
}
}
----

This helps ensure that all structured content responses comply with the link:https://modelcontextprotocol.io/specification/2025-11-25/server/tools#structured-content[MCP structured content specification] and improves compatibility with MCP clients and conformance tests.

==== 2) Authentication failures now return correct HTTP status code

Previously, failed authentication attempts returned a `403 Forbidden` response, which might be confusing as it typically indicates authorization (permission) failures rather than authentication (identity verification) failures.

Now, failed authentication attempts correctly return a `401 Unauthorized` response, making it immediately clear that the issue is with authentication credentials rather than permissions. This behavior follows HTTP specification best practices and makes it easier to troubleshoot authentication configuration problems.

==== 3) Fixed encoder bean isolation in multi-application deployments

Previously, encoder beans from multiple applications were stored in a static list within `McpCdiExtension`, causing beans from different applications to interfere with each other. This behavior could result in encoder beans from one application being incorrectly called in another application, unpredictable behavior in multi-application deployments, and potential security issues with cross-application bean access.

Copy link
Copy Markdown
Member

@martindrozdz martindrozdz May 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @navaneethsnair1 , please replace these lines with:

<GHA-BLOG-SUMMARY>

The Model Context Protocol (MCP) has emerged as the standard for AI applications to access real-time information from external sources. The Liberty MCP Server feature mcpServer-1.0 allows developers to expose business logic or data from their applications, allowing it to be integrated into agentic AI workflows.

This beta release of Liberty includes important updates to the mcpServer-1.0 feature including configurable endpoint paths and notable bug fixes.

Prerequisites

To use the mcpServer-1.0 feature, it is required to have "Java 17 or later" installed on your system.


Configure custom MCP endpoint paths

Previously, the MCP endpoint was hard-coded to /mcp under the web application context root. You can now configure custom endpoint paths to better suit your application architecture and naming conventions.


Single Application Configuration

For a single application, configure the endpoint path directly in the <mcpServer> element:

<server description="Configurable Mcp Path Liberty server">

  <featureManager>
    <feature>servlet-6.0</feature>    
    <feature>cdi-4.0</feature>
    <feature>mcpServer-1.0</feature>
  </featureManager>
  
  <application location="configurableMcpPathTests.war">
  	<mcpServer path="/custom-mcp"/>
  </application>

  <include location="../fatTestPorts.xml" />
  
</server>

With this configuration, your MCP server will be accessible at /custom-mcp instead of the default /mcp path.
Multiple Application Configurations for one EAR file are not yet supported.


Configuration Options

The <mcpServer> element supports the following attributes:

  • path (single app): The custom path for the MCP endpoint (e.g., /custom-mcp)

Notable bug fixes in this release

1) Structured content output schemas now comply with MCP specification

The MCP specification requires that structured content output schemas must have an object type at the root level. Previously, when returning arrays of objects, the schema incorrectly placed the array at the root level.

Previous Behavior (Incorrect):

{
  "outputSchema": {
    "description": "Returns list of person object",
    "type": "array",
    "items": {
      "$ref": "#/$defs/Person"
    }
  }
}

Current Behavior (Correct):

{
  "outputSchema": {
    "description": "Returns Persons object",
    "type": "object",
    "properties": {
      "persons": {
        "type": "array",
        "items": {
          "$ref": "#/$defs/Person"
        }
      }
    }
  }
}

This ensures all structured content responses comply with the MCP structured content specification and improves compatibility with MCP clients and conformance tests.

2) Authentication failures now return correct HTTP status code

Previously, failed authentication attempts returned a 403 Forbidden response, which could be confusing as it typically indicates authorization (permission) failures rather than authentication (identity verification) failures.

Now, failed authentication attempts correctly return a 401 Unauthorized response, making it immediately clear that the issue is with authentication credentials rather than permissions. This follows HTTP specification best practices and makes it easier to troubleshoot authentication configuration problems.

3) Fixed encoder bean isolation in multi-application deployments

Previously, encoder beans from multiple applications were stored in a static list within McpCdiExtension, causing beans from different applications to interfere with each other. This could result in encoder beans from one application being incorrectly called in another application, unpredictable behavior in multi-application deployments.

This has been fixed to ensure proper isolation of encoder beans per application, preventing cross-application interference and ensuring each application uses only its own encoder beans.

</GHA-BLOG-SUMMARY>

martindrozdz
martindrozdz reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@martindrozdz martindrozdz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see my comments above.
I've added what I need replaced in the comments.

@navaneethsnair1 navaneethsnair1 merged commit 990749e into staging May 6, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@martindrozdz martindrozdz martindrozdz left review comments

@rangaran rangaran Awaiting requested review from rangaran

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@navaneethsnair1 @arkarkala @rangaran @martindrozdz