yuqi1129 opened a new issue, #11572:
URL: https://github.com/apache/gravitino/issues/11572

### Describe the subtask

In HTTP transport mode, extract the Bearer token from each incoming MCP HTTP request's `Authorization` header and use it for that request's Gravitino calls. Concurrent sessions with different principals must be fully isolated — one principal's identity must never leak into another's calls.

FastMCP 3.2.0 provides `get_http_request()` from `fastmcp.server.dependencies` which enables header access in middleware.

**Changes:**
- `mcp_server/server.py`: in HTTP transport mode, extract per-request `Authorization` header via `get_http_request()` and override the token used for that request's Gravitino calls
- `mcp_server/core/context.py`: support a per-request token that takes priority over the static startup token

**Acceptance:**
- Two concurrent HTTP sessions with different tokens each reach Gravitino with their own correct token
- Removing the per-request header falls back to the static startup token (if configured)

### Parent issue

TBD (EPIC to be linked after creation)


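The isolation and fallback behaviour the issue asks for, as an added example that is not part of the original issue or the Gravitino code base. It uses only the Python standard library (`contextvars`, `asyncio`); `parse_bearer`, `effective_token` and `handle_request` are hypothetical names, and `handle_request` stands in for the middleware that would read the header via `get_http_request()`.

```python
import asyncio
import contextvars
from typing import Optional

# Hypothetical names; the project's mcp_server/core/context.py may differ.
_request_token: contextvars.ContextVar[Optional[str]] = contextvars.ContextVar(
    "request_token", default=None
)


def parse_bearer(header: Optional[str]) -> Optional[str]:
    """Return the token from 'Bearer <token>', or None if absent or malformed."""
    if not header:
        return None
    scheme, _, value = header.strip().partition(" ")
    value = value.strip()
    if scheme.lower() != "bearer" or not value or " " in value:
        return None
    return value


def effective_token(static_token: Optional[str]) -> Optional[str]:
    """Per-request token takes priority over the static startup token."""
    return _request_token.get() or static_token


async def handle_request(headers: dict, static_token: Optional[str],
                         delay: float) -> Optional[str]:
    """Stand-in for one MCP HTTP request; returns the token its outbound call uses."""
    # Each asyncio task runs in its own copy of the context, so this set()
    # is invisible to requests being served concurrently.
    reset = _request_token.set(parse_bearer(headers.get("authorization")))
    try:
        await asyncio.sleep(delay)  # yield so the other requests interleave
        return effective_token(static_token)
    finally:
        _request_token.reset(reset)  # leave no token behind for later work


async def _run_concurrently() -> list:
    # Constructed sample requests: two principals plus one without a header.
    return await asyncio.gather(
        handle_request({"authorization": "Bearer alice-token"}, "static-token", 0.02),
        handle_request({"authorization": "bearer bob-token"}, "static-token", 0.01),
        handle_request({}, "static-token", 0.0),
    )


def demo() -> list:
    return asyncio.run(_run_concurrently())
```

This example treats a malformed header the same as a missing one; whether the server should instead reject such a request is a design choice the issue does not state.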