Improve isNoAuthMCPRequest method #13858

Open
msm1992 wants to merge 1 commit into wso2:master from msm1992:master-mcp

msm1992 commented Jun 4, 2026

Contributor

$subject

coderabbitai Bot commented Jun 4, 2026

Walkthrough

The isNoAuthMCPRequest method in McpInitHandler was modified to invert authorization logic for MCP JSON-RPC methods. Four methods (initialize, tool_list, notification_initialized, and ping) now explicitly allow unauthenticated access, while all others require authentication by default instead.

Changes

MCP No-Auth Request Authorization

| Layer / File(s) | Summary |
|---|---|
| MCP method authorization flip: `components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/mcp/McpInitHandler.java` | The isNoAuthMCPRequest switch statement was rewritten to return true only for initialize, tool_list, notification_initialized, and ping; all other methods now default to returning false (requiring auth) instead of true. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description contains only a placeholder '$subject' with no actual content related to the changeset, making it completely unhelpful. | Replace the placeholder with a meaningful description explaining the authorization logic change and its rationale for the MCP methods. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | ❓ Inconclusive | The title 'Improve isNoAuthMCPRequest method' is vague and generic, using the non-descriptive term 'Improve' without conveying what specific improvement was made to the method. | Provide a more specific title that describes the actual change, such as 'Change default MCP authorization logic in isNoAuthMCPRequest' or 'Update isNoAuthMCPRequest to require auth for most MCP methods'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


coderabbitai Bot left a comment

🧹 Nitpick comments (1)
components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/mcp/McpInitHandler.java (1)

237-237: 💤 Low value

throws McpException is now unreachable.

After the rewrite the method body no longer throws McpException; the declaration can be dropped (and the call site at Line 97 simplified) to keep the signature accurate.

♻️ Proposed cleanup
-    private boolean isNoAuthMCPRequest(String method) throws McpException {
+    private boolean isNoAuthMCPRequest(String method) {
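Review bot: the `+` line changes only the declaration, and the call site at Line 97 that the comment refers to is not part of this hunk. If that caller catches McpException, and McpException is a checked exception that nothing else in the same try block throws, the class stops compiling once `throws McpException` is gone, so the caller update should land in the same change. Since this method decides which MCP methods skip authentication, the new signature is also the place for a short Javadoc stating that any method not listed returns false, which would address the docstring coverage warning as well.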
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/mcp/McpInitHandler.java`
at line 237, The method isNoAuthMCPRequest in McpInitHandler no longer throws
McpException so remove the "throws McpException" from its signature and update
its callers in the same class to call it directly (removing any unnecessary
try/catch or exception propagation logic tied to McpException); recompile and
run tests to ensure callers that previously expected McpException are simplified
to plain boolean handling.

ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between 5c3d0cb and 7a37931.

📒 Files selected for processing (1)
  • components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/mcp/McpInitHandler.java
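
The default-allow versus default-deny behaviour described in the walkthrough, shown side by side as an added example that is not the project's code. The class name, the JSON-RPC method strings and the `tools/call` case are assumptions, and the allow-list is modelled as a `Set` rather than the switch statement the PR uses.

```java
import java.util.Set;

public class McpNoAuthCheck {

    // The page names initialize, tool_list, notification_initialized and ping.
    // The JSON-RPC method strings below are assumptions standing in for the
    // project's own constants.
    private static final Set<String> NO_AUTH_METHODS = Set.of(
            "initialize", "tools/list", "notifications/initialized", "ping");

    // Default-allow shape (constructed): only the methods someone remembered
    // to list are protected; every other string skips authentication.
    static boolean isNoAuthDefaultAllow(String method) {
        switch (method) {
            case "tools/call":   // hypothetical protected method
                return false;
            default:
                return true;
        }
    }

    // Default-deny shape: only exact matches on the allow-list skip
    // authentication; null, unknown and differently-cased names require it.
    static boolean isNoAuthDefaultDeny(String method) {
        return method != null && NO_AUTH_METHODS.contains(method);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including names the allow-list never saw.
        String[] samples = {"initialize", "ping", "tools/call",
                            "resources/read", "Initialize", ""};
        for (String m : samples) {
            System.out.printf("%-16s defaultAllow=%-5b defaultDeny=%b%n",
                    m, isNoAuthDefaultAllow(m), isNoAuthDefaultDeny(m));
        }
    }
}
```

The rows to compare are the ones for names absent from both lists: the default-allow form reports them as needing no authentication, while the default-deny form requires it.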
