feat: switch from WebFlux to Web MVC and update dependencies accordingly

README.md

@@ -368,18 +368,6 @@ HTTP/SSE transport has the following security vulnerabilities when deployed with
 4. **Network Exposure**: Unlike STDIO, HTTP endpoints are exposed over the network and accessible to any client that can
    reach the server
 
-### Securing HTTP/SSE Deployments
-
-If you need to deploy the MCP server with HTTP/SSE transport for remote access, you **must** implement security
-controls:
-
-1. **Use HTTPS**: Always use TLS/SSL encryption for production deployments
-2. **Implement OAuth2 Authentication**: Follow
-   the [Spring AI MCP OAuth2 guide](https://spring.io/blog/2025/04/02/mcp-server-oauth2/) to add authentication
-3. **Validate Origin Headers**: Implement origin header validation to prevent DNS rebinding attacks
-4. **Network Isolation**: Deploy behind a firewall or VPN, restricting access to trusted networks
-5. **Use API Gateways**: Consider deploying behind an API gateway with authentication and rate limiting
-
 ### Recommendation
 
 - **Local development/testing**: Use HTTP/SSE mode for testing with MCP Inspector, but only on localhost

build.gradle.kts

@@ -29,19 +29,20 @@ repositories {
 }
 
 dependencies {
-    implementation("org.springframework.boot:spring-boot-starter-actuator")
     annotationProcessor(libs.spring.boot.configuration.processor)
     annotationProcessor(libs.lombok)
 
     compileOnly(libs.lombok)
 
     developmentOnly(libs.bundles.spring.boot.dev)
 
-    implementation(libs.spring.boot.starter.webflux)
-    implementation(libs.spring.ai.starter.mcp.server.webflux)
+    implementation(libs.spring.boot.starter.actuator)
+    implementation(libs.spring.boot.starter.web)
+    implementation(libs.spring.ai.starter.mcp.server.webmvc)
     implementation(libs.solr.solrj) {
         exclude(group = "org.apache.httpcomponents")
     }
+
     implementation(libs.commons.csv)
     // JSpecify for nullability annotations
     implementation(libs.jspecify)

gradle/libs.versions.toml

@@ -23,8 +23,9 @@ testcontainers = "1.21.3"
 
 [libraries]
 # Spring
-spring-boot-starter-webflux = { module = "org.springframework.boot:spring-boot-starter-webflux" }
-spring-ai-starter-mcp-server-webflux = { module = "org.springframework.ai:spring-ai-starter-mcp-server-webflux" }
+spring-boot-starter-actuator = { module = "org.springframework.boot:spring-boot-starter-actuator" }
+spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web" }
+spring-ai-starter-mcp-server-webmvc = { module = "org.springframework.ai:spring-ai-starter-mcp-server-webmvc" }
 spring-ai-starter-mcp-client = { module = "org.springframework.ai:spring-ai-starter-mcp-client" }
 spring-ai-spring-boot-docker-compose = { module = "org.springframework.ai:spring-ai-spring-boot-docker-compose" }
 spring-ai-spring-boot-testcontainers = { module = "org.springframework.ai:spring-ai-spring-boot-testcontainers" }
@@ -58,15 +59,16 @@ junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher
 
 [bundles]
 spring-ai-mcp = [
-    "spring-boot-starter-webflux",
-    "spring-ai-starter-mcp-server-webflux"
+    "spring-boot-starter-web",
+    "spring-ai-starter-mcp-server-webmvc"
 ]
 
 spring-boot-dev = [
     "spring-boot-docker-compose",
     "spring-ai-spring-boot-docker-compose"
 ]
 
+
 test = [
     "spring-boot-starter-test",
     "spring-boot-testcontainers",

src/main/resources/application-sse.properties

@@ -1,3 +1,2 @@
-spring.main.web-application-type=reactive
-sever.port=8080
-spring.ai.mcp.server.type=async
+spring.main.web-application-type=servlet
+spring.ai.mcp.server.type=sync