spring-demo-mcp-server-sse

Spring Boot demo that exposes a simple UserService both as REST endpoints and as MCP tools over an SSE session endpoint, with JSON-RPC messages sent to a per-session messages endpoint.

Evaluated Apr 04, 2026 (16d ago)
Homepage ↗ Repo ↗ DevTools java spring-boot sse mcp json-rpc spring-ai tool-calling demo integration-tests
⚙ Agent Friendliness
50
/ 100
Can an agent use this?
🔒 Security
25
/ 100
Is it safe for agents?
⚡ Reliability
28
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
72
Documentation
80
Error Messages
0
Auth Simplicity
20
Rate Limits
5

🔒 Security

TLS Enforcement
30
Auth Strength
10
Scope Granularity
10
Dep. Hygiene
45
Secret Handling
40

No authentication/authorization or TLS requirements are described in the README. Because this is a demo, production deployment would need explicit security controls (authn/authz, CSRF considerations for browser clients, session lifecycle protections, rate limiting, and secure headers). Dependency hygiene and secret handling cannot be verified from the provided text.

⚡ Reliability

Uptime/SLA
0
Version Stability
30
Breaking Changes
40
Error Recovery
40
AF Security Reliability

Best When

You want a runnable reference implementation to integrate Spring Boot services with MCP tool calling using SSE as the transport.

Avoid When

You need strong enterprise security guarantees out-of-the-box (authn/authz, rate limiting, and audit controls are not described here).

Use Cases

  • Create an MCP tool backed by a Spring Boot service
  • Demonstrate SSE-based session transport for JSON-RPC style messaging
  • Prototype LLM tool calling flows (e.g., VS Code MCP extensions) backed by Java services
  • Learn end-to-end integration of REST + MCP tool invocation

Not For

  • Production-grade, internet-exposed deployments without adding authentication/authorization and transport security hardening
  • Use as a general-purpose data streaming platform without reviewing backpressure/session lifecycle behavior
  • Handling sensitive user data without explicit privacy and security controls

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: No authentication described for REST or MCP endpoints (demo)
OAuth: No Scopes: No

The README does not mention authn/authz, API keys, OAuth, or any access control for the REST or MCP endpoints.

Pricing

Free tier: No
Requires CC: No

Open-source demo (Apache 2.0); no pricing information provided.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Requests must include a sessionId for MCP tool/completion requests (documented troubleshooting).
  • SSE is session-based: agents/clients must first create a session via /mcp/sse and use the returned messages endpoint for subsequent POSTs.

Alternatives

Dedicated MCP servers provided by vendors/platforms (with hosted infrastructure) Self-hosted MCP over WebSockets/HTTP with a production framework and explicit authn/authz Other Spring AI MCP examples or templates that include security and rate limiting

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for spring-demo-mcp-server-sse.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered