feat(java-spring-ai-agents): centralize AgentCore dependency management and enhance auth

Author: Yuriy

apps/java-spring-ai-agents/aiagent/pom.xml

@@ -54,13 +54,11 @@
         <dependency>
             <groupId>org.springaicommunity</groupId>
             <artifactId>spring-ai-agentcore-code-interpreter</artifactId>
-            <version>1.0.0-RC8</version>
         </dependency>
 		<!-- AgentCore Browser -->
         <dependency>
             <groupId>org.springaicommunity</groupId>
             <artifactId>spring-ai-agentcore-browser</artifactId>
-            <version>1.0.0-RC8</version>
         </dependency>
 		<!-- Bedrock Runtime SDK for web grounding -->
         <dependency>
@@ -80,13 +78,11 @@
         <dependency>
             <groupId>org.springaicommunity</groupId>
             <artifactId>spring-ai-agentcore-memory</artifactId>
-            <version>1.0.0-RC8</version>
         </dependency>
 	    <!-- AgentCore dependencies -->
         <dependency>
             <groupId>org.springaicommunity</groupId>
             <artifactId>spring-ai-agentcore-runtime-starter</artifactId>
-            <version>1.0.0-RC8</version>
         </dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -130,6 +126,13 @@
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+			<dependency>
+				<groupId>org.springaicommunity</groupId>
+				<artifactId>spring-ai-agentcore-bom</artifactId>
+				<version>1.0.0-RC8</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
 			<dependency>
 				<groupId>software.amazon.awssdk</groupId>
 				<artifactId>bom</artifactId>

apps/java-spring-ai-agents/aiagent/src/main/java/com/example/agent/ChatService.java

@@ -73,10 +73,9 @@ public ChatService(AgentCoreMemory agentCoreMemory,
 
         List<Advisor> advisors = new ArrayList<>();
 
-        if (advisors.size() > 0) {
-            advisors.addAll(agentCoreMemory.advisors);
-            logger.info("Advisors enabled: {} advisors", agentCoreMemory.advisors);
-        }
+        // Memory (STM + LTM)
+        advisors.addAll(agentCoreMemory.advisors);
+        logger.info("Memory enabled: {} advisors", agentCoreMemory.advisors.size());
 
         // Knowledge Base (RAG)
         if (kbVectorStore != null) {
@@ -135,10 +134,10 @@ public Flux<String> chat(ChatRequest request, AgentCoreContext context) {
                     String userPrompt = (request.prompt() != null && !request.prompt().trim().isEmpty())
                         ? request.prompt() : "Process this document";
                     String combinedPrompt = userPrompt + "\n\nDocument analysis:\n" + documentAnalysis;
-                    return chat(combinedPrompt, getSessionId(context));
+                    return chat(combinedPrompt, getConversationId(context));
                 });
         }
-        return chat(request.prompt(), getSessionId(context));
+        return chat(request.prompt(), getConversationId(context));
     }
 
     private Flux<String> chat(String prompt, String sessionId) {
@@ -150,7 +149,7 @@ private Flux<String> chat(String prompt, String sessionId) {
             .contextWrite(ctx -> ctx.put(SessionConstants.SESSION_ID_KEY, sessionId));
     }
 
-    private String getSessionId(AgentCoreContext context) {
+    private String getConversationId(AgentCoreContext context) {
         return ConversationIdResolver.resolve(context);
     }
 

apps/java-spring-ai-agents/aiagent/src/main/resources/static/auth.js

@@ -40,7 +40,8 @@ function clearAuth() {
 
 function isAuthenticated() {
     const auth = loadAuth();
-    if (!auth || !auth.expiresAt || !auth.accessToken) return false;
+    if (!auth || !auth.expiresAt) return false;
+    if (auth.authType !== 'simple' && !auth.accessToken) return false;
     return !isSessionExpired(auth);
 }
 
@@ -49,7 +50,28 @@ function isSessionExpired(auth) {
 }
 
 async function authenticateUser(username, password, config) {
-    return authenticateCognito(username, password, config);
+    if (config.authType === 'cognito') {
+        return authenticateCognito(username, password, config);
+    }
+    return authenticateSimple(username, password);
+}
+
+async function authenticateSimple(username, password) {
+    if (!username || username.trim() === '') {
+        throw new Error('Username is required');
+    }
+
+    const auth = {
+        username: username,
+        expiresAt: Date.now() + (24 * 60 * 60 * 1000),
+        authType: 'simple'
+    };
+
+    // Use username as session ID for simple auth
+    sessionStorage.setItem(SESSION_KEY, username);
+
+    saveAuth(auth);
+    return auth;
 }
 
 async function authenticateCognito(username, password, config) {

apps/java-spring-ai-agents/scripts/02-memory.sh

@@ -51,6 +51,15 @@ if [ -z "${AGENTCORE_MEMORY_MEMORY_ID}" ]; then
     done && echo " ACTIVE"
 fi
 
+# Write memory config to application.properties
+grep -q "agentcore.memory.memory-id" ~/environment/aiagent/src/main/resources/application.properties 2>/dev/null || \
+cat >> ~/environment/aiagent/src/main/resources/application.properties << PROPS
+
+# AgentCore Memory
+agentcore.memory.memory-id=${AGENTCORE_MEMORY_MEMORY_ID}
+agentcore.memory.long-term.auto-discovery=true
+PROPS
+
 ## Adding LTM strategies
 
 # Check if strategies already exist
@@ -79,38 +88,14 @@ else
     done && echo " ACTIVE"
 fi
 
-## Getting strategy IDs
-
-echo ""
-echo "3. Get strategy IDs and save to environment file"
-
-SEMANTIC_ID=$(aws bedrock-agentcore-control get-memory --memory-id "${AGENTCORE_MEMORY_MEMORY_ID}" \
-    --no-cli-pager --query "memory.strategies[?name=='SemanticFacts'].strategyId | [0]" --output text)
-PREFS_ID=$(aws bedrock-agentcore-control get-memory --memory-id "${AGENTCORE_MEMORY_MEMORY_ID}" \
-    --no-cli-pager --query "memory.strategies[?name=='UserPreferences'].strategyId | [0]" --output text)
-
-# Update .envrc only if values changed
-if ! grep -q "AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID=${SEMANTIC_ID}" ~/environment/.envrc 2>/dev/null; then
-    # Remove old entries if they exist
-    sed -i.bak '/AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID/d' ~/environment/.envrc 2>/dev/null || true
-    echo "export AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID=${SEMANTIC_ID}" >> ~/environment/.envrc
-fi
-
-if ! grep -q "AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID=${PREFS_ID}" ~/environment/.envrc 2>/dev/null; then
-    # Remove old entries if they exist
-    sed -i.bak '/AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID/d' ~/environment/.envrc 2>/dev/null || true
-    echo "export AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID=${PREFS_ID}" >> ~/environment/.envrc
-fi
-
-# Clean up backup files
-rm -f ~/environment/.envrc.bak
-
 echo ""
 echo "=============================================="
 echo "Memory setup complete!"
 echo "=============================================="
 echo ""
 echo "Environment variables saved to ~/environment/.envrc:"
 echo "  AGENTCORE_MEMORY_MEMORY_ID=${AGENTCORE_MEMORY_MEMORY_ID}"
-echo "  AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID=${SEMANTIC_ID}"
-echo "  AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID=${PREFS_ID}"
+echo ""
+echo "Application properties written to application.properties:"
+echo "  agentcore.memory.memory-id=${AGENTCORE_MEMORY_MEMORY_ID}"
+echo "  agentcore.memory.long-term.auto-discovery=true"

apps/java-spring-ai-agents/scripts/03-knowledgebase.sh

@@ -144,11 +144,13 @@ else
     done && echo " ACTIVE"
 fi
 
-# Save KB ID to environment
-if ! grep -q "SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID=${KB_ID}" ~/environment/.envrc 2>/dev/null; then
-    sed -i.bak '/SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID/d' ~/environment/.envrc 2>/dev/null || true
-    echo "export SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID=${KB_ID}" >> ~/environment/.envrc
-fi
+# Write KB config to application.properties
+grep -q "spring.ai.vectorstore.bedrock-knowledge-base.knowledge-base-id" ~/environment/aiagent/src/main/resources/application.properties 2>/dev/null || \
+cat >> ~/environment/aiagent/src/main/resources/application.properties << PROPS
+
+# Knowledge Base
+spring.ai.vectorstore.bedrock-knowledge-base.knowledge-base-id=${KB_ID}
+PROPS
 
 ## Creating data source and ingesting documents
 
@@ -205,5 +207,5 @@ echo "=============================================="
 echo "Knowledge Base setup complete!"
 echo "=============================================="
 echo ""
-echo "Environment variable saved to ~/environment/.envrc:"
-echo "  SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID=${KB_ID}"
+echo "Application properties written to application.properties:"
+echo "  spring.ai.vectorstore.bedrock-knowledge-base.knowledge-base-id=${KB_ID}"

apps/java-spring-ai-agents/scripts/06-mcp-gateway.sh

@@ -148,6 +148,16 @@ if ! grep -q "GATEWAY_URL=" ~/environment/.envrc 2>/dev/null; then
     echo "export GATEWAY_URL=${GATEWAY_URL}" >> ~/environment/.envrc
 fi
 
+# Write MCP client config to application.properties
+grep -q "spring.ai.mcp.client.streamablehttp.connections.gateway.url" ~/environment/aiagent/src/main/resources/application.properties 2>/dev/null || \
+cat >> ~/environment/aiagent/src/main/resources/application.properties << PROPS
+
+# MCP Client
+spring.ai.mcp.client.toolcallback.enabled=true
+spring.ai.mcp.client.initialized=false
+spring.ai.mcp.client.streamablehttp.connections.gateway.url=${GATEWAY_URL}
+PROPS
+
 ## Adding the backoffice target
 
 echo ""

apps/java-spring-ai-agents/scripts/07-aiagent-cognito.sh

@@ -141,16 +141,17 @@ done
 
 echo "Test users: admin, alice, bob"
 
-## Save issuer URI for Spring Security
+## Write security config to application.properties
 
 echo ""
-echo "4. Save issuer URI for Spring Security"
+echo "4. Write security config to application.properties"
 
-SPRING_ISSUER_URI="https://cognito-idp.${AWS_REGION}.amazonaws.com/${AIAGENT_USER_POOL_ID}"
-if ! grep -q "SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=" ~/environment/.envrc 2>/dev/null; then
-    sed -i.bak '/SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=/d' ~/environment/.envrc 2>/dev/null || true
-    echo "export SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=${SPRING_ISSUER_URI}" >> ~/environment/.envrc
-fi
+grep -q "spring.security.oauth2.resourceserver.jwt.issuer-uri" ~/environment/aiagent/src/main/resources/application.properties 2>/dev/null || \
+cat >> ~/environment/aiagent/src/main/resources/application.properties << PROPS
+
+# Security
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://cognito-idp.${AWS_REGION}.amazonaws.com/${AIAGENT_USER_POOL_ID}
+PROPS
 
 # Clean up backup files
 rm -f ~/environment/.envrc.bak
@@ -165,4 +166,7 @@ echo "  AIAGENT_USER_POOL_ID=${AIAGENT_USER_POOL_ID}"
 echo "  AIAGENT_CLIENT_ID=${AIAGENT_CLIENT_ID}"
 echo "  AIAGENT_DISCOVERY_URL=${AIAGENT_DISCOVERY_URL}"
 echo ""
+echo "Application properties written to application.properties:"
+echo "  spring.security.oauth2.resourceserver.jwt.issuer-uri=https://cognito-idp.${AWS_REGION}.amazonaws.com/${AIAGENT_USER_POOL_ID}"
+echo ""
 echo "Test users created: admin, alice, bob (password: \${IDE_PASSWORD})"

apps/java-spring-ai-agents/scripts/08-aiagent-runtime.sh

@@ -20,11 +20,6 @@ if [ -z "${AIAGENT_USER_POOL_ID}" ] || [ -z "${AIAGENT_CLIENT_ID}" ] || [ -z "${
     exit 1
 fi
 
-if [ -z "${AGENTCORE_MEMORY_MEMORY_ID}" ]; then
-    echo "Error: Missing Memory variables. Run 02-memory.sh first."
-    exit 1
-fi
-
 # Get account ID and region
 ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text --no-cli-pager)
 AWS_REGION=$(aws configure get region)
@@ -179,17 +174,6 @@ EXISTING_RUNTIME_ID=$(aws bedrock-agentcore-control list-agent-runtimes \
     --region ${AWS_REGION} --no-cli-pager \
     --query "agentRuntimes[?agentRuntimeName=='aiagent'].agentRuntimeId | [0]" --output text 2>/dev/null || echo "None")
 
-# Build environment variables JSON
-cat > /tmp/aiagent-env.json << EOF
-{
-  "AGENTCORE_MEMORY_MEMORY_ID": "${AGENTCORE_MEMORY_MEMORY_ID}",
-  "AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID": "${AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID}",
-  "AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID": "${AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID}",
-  "SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID": "${SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID}",
-  "SPRING_AI_MCP_CLIENT_STREAMABLEHTTP_CONNECTIONS_GATEWAY_URL": "${GATEWAY_URL}"
-}
-EOF
-
 if [ "${EXISTING_RUNTIME_ID}" != "None" ] && [ -n "${EXISTING_RUNTIME_ID}" ]; then
     echo "AgentCore Runtime already exists: ${EXISTING_RUNTIME_ID}"
     echo "Updating runtime with latest configuration..."
@@ -201,8 +185,7 @@ if [ "${EXISTING_RUNTIME_ID}" != "None" ] && [ -n "${EXISTING_RUNTIME_ID}" ]; th
         --agent-runtime-artifact "{\"containerConfiguration\":{\"containerUri\":\"${ECR_URI}:latest\"}}" \
         --network-configuration "{\"networkMode\":\"VPC\",\"networkModeConfig\":{\"subnets\":[\"${SUBNET_ID}\"],\"securityGroups\":[\"${SG_ID}\"]}}" \
         --authorizer-configuration "{\"customJWTAuthorizer\":{\"discoveryUrl\":\"${AIAGENT_DISCOVERY_URL}\",\"allowedClients\":[\"${AIAGENT_CLIENT_ID}\"]}}" \
-        --request-header-configuration '{"requestHeaderAllowlist":["Authorization"]}' \
-        --environment-variables file:///tmp/aiagent-env.json \
+        --request-header-configuration '{"requestHeaderAllowlist":["Authorization","X-Amzn-Bedrock-AgentCore-Runtime-Session-Id"]}' \
         --region ${AWS_REGION} \
         --no-cli-pager
 
@@ -221,8 +204,7 @@ else
         --agent-runtime-artifact "{\"containerConfiguration\":{\"containerUri\":\"${ECR_URI}:latest\"}}" \
         --network-configuration "{\"networkMode\":\"VPC\",\"networkModeConfig\":{\"subnets\":[\"${SUBNET_ID}\"],\"securityGroups\":[\"${SG_ID}\"]}}" \
         --authorizer-configuration "{\"customJWTAuthorizer\":{\"discoveryUrl\":\"${AIAGENT_DISCOVERY_URL}\",\"allowedClients\":[\"${AIAGENT_CLIENT_ID}\"]}}" \
-        --request-header-configuration '{"requestHeaderAllowlist":["Authorization"]}' \
-        --environment-variables file:///tmp/aiagent-env.json \
+        --request-header-configuration '{"requestHeaderAllowlist":["Authorization","X-Amzn-Bedrock-AgentCore-Runtime-Session-Id"]}' \
         --region ${AWS_REGION} \
         --no-cli-pager \
         --query 'agentRuntimeId' --output text)
@@ -235,8 +217,6 @@ else
     done && echo " READY"
 fi
 
-rm -f /tmp/aiagent-env.json
-
 # Save runtime ID to environment
 if ! grep -q "AIAGENT_RUNTIME_ID=${AIAGENT_RUNTIME_ID}" ~/environment/.envrc 2>/dev/null; then
     sed -i.bak '/AIAGENT_RUNTIME_ID=/d' ~/environment/.envrc 2>/dev/null || true

apps/java-spring-ai-agents/scripts/12-aiagent-redeploy.sh

@@ -56,30 +56,16 @@ docker push "${ECR_URI}:latest"
 echo ""
 echo "2. Update the AgentCore Runtime"
 
-# Build environment variables JSON
-cat > /tmp/aiagent-env.json << EOF
-{
-  "AGENTCORE_MEMORY_MEMORY_ID": "${AGENTCORE_MEMORY_MEMORY_ID}",
-  "AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID": "${AGENTCORE_MEMORY_LONG_TERM_SEMANTIC_STRATEGY_ID}",
-  "AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID": "${AGENTCORE_MEMORY_LONG_TERM_USER_PREFERENCE_STRATEGY_ID}",
-  "SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID": "${SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID}",
-  "SPRING_AI_MCP_CLIENT_STREAMABLEHTTP_CONNECTIONS_GATEWAY_URL": "${GATEWAY_URL}"
-}
-EOF
-
 aws bedrock-agentcore-control update-agent-runtime \
     --agent-runtime-id "${AIAGENT_RUNTIME_ID}" \
     --role-arn "arn:aws:iam::${ACCOUNT_ID}:role/aiagent-runtime-role" \
     --agent-runtime-artifact "{\"containerConfiguration\":{\"containerUri\":\"${ECR_URI}:latest\"}}" \
     --network-configuration "{\"networkMode\":\"VPC\",\"networkModeConfig\":{\"subnets\":[\"${SUBNET_ID}\"],\"securityGroups\":[\"${SG_ID}\"]}}" \
     --authorizer-configuration "{\"customJWTAuthorizer\":{\"discoveryUrl\":\"${AIAGENT_DISCOVERY_URL}\",\"allowedClients\":[\"${AIAGENT_CLIENT_ID}\"]}}" \
-    --request-header-configuration '{"requestHeaderAllowlist":["Authorization"]}' \
-    --environment-variables file:///tmp/aiagent-env.json \
+    --request-header-configuration '{"requestHeaderAllowlist":["Authorization","X-Amzn-Bedrock-AgentCore-Runtime-Session-Id"]}' \
     --region ${AWS_REGION} \
     --no-cli-pager
 
-rm -f /tmp/aiagent-env.json
-
 echo -n "Waiting for runtime"
 while [ "$(aws bedrock-agentcore-control get-agent-runtime \
     --agent-runtime-id "${AIAGENT_RUNTIME_ID}" --region ${AWS_REGION} \

apps/java-spring-ai-agents/scripts/99-cleanup.sh

@@ -317,7 +317,8 @@ fi
 echo ""
 echo "## Deleting Knowledge Base"
 
-KB_ID="${SPRING_AI_VECTORSTORE_BEDROCK_KNOWLEDGE_BASE_KNOWLEDGE_BASE_ID}"
+KB_ID=$(aws bedrock-agent list-knowledge-bases --no-cli-pager \
+    --query "knowledgeBaseSummaries[?name=='aiagent-kb'].knowledgeBaseId | [0]" --output text 2>/dev/null || echo "")
 if [ -n "${KB_ID}" ]; then
     # Delete data sources first
     DS_IDS=$(aws bedrock-agent list-data-sources --knowledge-base-id "${KB_ID}" --no-cli-pager \