APP-13994: Introduced remote MCP server support using SSE #9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Upgraded spring boot to 3.5.5 - Upgraded spotless plugin to 7.2.1 - Upgraded spring AI to 1.1.0 snapshot to fix issues with the security context not propagating to child threads correctly - Added a spring security configuration and jwt parsing for remote mcp support - Added an additional configuration file to support remote MCP - new 'remote' spring profile
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) ✅ license/snyk check is complete. No issues have been found. (View Details) |
There was a problem hiding this comment.
Pull Request Overview
This PR introduces remote MCP server support using Server-Sent Events (SSE) by upgrading dependencies and adding JWT-based authentication for remote connections.
- Upgraded Spring Boot to 3.5.5 and Spring AI to 1.1.0 snapshot to fix security context propagation issues
- Added JWT authentication support for remote MCP connections through new security configuration
- Introduced a new 'remote' Spring profile with SSE-based communication configuration
Reviewed Changes
Copilot reviewed 6 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| application-remote.properties | Adds remote profile configuration with SSE settings and disabled stdio |
| ApiService.java | Implements JWT token extraction from security context with fallback to static API token |
| JwtAuthenticationFilter.java | Adds JWT authentication filter for extracting and validating Bearer tokens |
| SecurityConfig.java | Configures Spring Security with JWT authentication and stateless session management |
| McpConfig.java | Updates import statement for ToolCallbacks class |
| README.md | Documents the new remote profile configuration and usage instructions |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
src/main/java/com/visotrust/viso/visomcpserver/security/JwtAuthenticationFilter.java
Show resolved
Hide resolved
src/main/java/com/visotrust/viso/visomcpserver/config/SecurityConfig.java
Outdated
Show resolved
Hide resolved
russellcsherman
approved these changes
Sep 13, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request
Description
Type of Change
Please delete options that are not relevant.
How Has This Been Tested?
Tested using the MCP inspector using SSE and STDIO transport types against the different spring profiles/configurations.