fix: resolve absolute and relative message endpoint uri

fixes java mcp message endpoint error modelcontextprotocol#103

Author: nirikash

mcp/pom.xml

@@ -126,6 +126,12 @@
 			<version>${junit.version}</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter-params</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
 			<artifactId>mockito-core</artifactId>

mcp/src/main/java/io/modelcontextprotocol/client/transport/HttpClientSseClientTransport.java

@@ -24,6 +24,7 @@
 import io.modelcontextprotocol.spec.McpSchema;
 import io.modelcontextprotocol.spec.McpSchema.JSONRPCMessage;
 import io.modelcontextprotocol.util.Assert;
+import io.modelcontextprotocol.util.Utils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import reactor.core.publisher.Mono;
@@ -340,7 +341,8 @@ public Mono<Void> connect(Function<Mono<JSONRPCMessage>, Mono<JSONRPCMessage>> h
 		CompletableFuture<Void> future = new CompletableFuture<>();
 		connectionFuture.set(future);
 
-		sseClient.subscribe(this.baseUri + this.sseEndpoint, new FlowSseClient.SseEventHandler() {
+		String clientUri = Utils.resolveUri(this.baseUri, this.sseEndpoint);
+		sseClient.subscribe(clientUri, new FlowSseClient.SseEventHandler() {
 			@Override
 			public void onEvent(SseEvent event) {
 				if (isClosing) {

mcp/src/main/java/io/modelcontextprotocol/util/Utils.java

@@ -4,6 +4,8 @@
 
 package io.modelcontextprotocol.util;
 
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.Collection;
 import java.util.Map;
 
@@ -52,4 +54,68 @@ public static boolean isEmpty(@Nullable Map<?, ?> map) {
 		return (map == null || map.isEmpty());
 	}
 
+	/**
+	 * Resolves the given endpoint URL against the base URL.
+	 * <ul>
+	 * <li>If the endpoint URL is relative, it will be resolved against the base URL.</li>
+	 * <li>If the endpoint URL is absolute, it will be validated to ensure it matches the
+	 * base URL's scheme, authority, and path prefix.</li>
+	 * <li>If validation fails for an absolute URL, an {@link IllegalArgumentException} is
+	 * thrown.</li>
+	 * </ul>
+	 * @param baseUrl The base URL (must be absolute)
+	 * @param endpointUrl The endpoint URL (can be relative or absolute)
+	 * @return The resolved endpoint URL as a string
+	 * @throws IllegalArgumentException If the absolute endpoint URL does not match the
+	 * base URL or URI is malformed
+	 */
+	public static String resolveUri(String baseUrl, String endpointUrl) {
+		try {
+			URI baseUri = new URI(baseUrl);
+			URI endpointUri = new URI(endpointUrl);
+			if (!endpointUri.isAbsolute()) {
+				URI resolvedUri = baseUri.resolve(endpointUri);
+				return resolvedUri.toString();
+			}
+			else {
+				if (isUnderBaseUri(baseUri, endpointUri)) {
+					return endpointUri.toString();
+				}
+				else {
+					throw new IllegalArgumentException("Absolute endpoint URL does not match the base URL.");
+				}
+			}
+		}
+		catch (URISyntaxException e) {
+			throw new IllegalArgumentException("Cannot resolve URI: " + e.getMessage(), e);
+		}
+	}
+
+	/**
+	 * Checks if the given absolute endpoint URI falls under the base URI. It validates
+	 * the scheme, authority (host and port), and ensures that the base path is a prefix
+	 * of the endpoint path.
+	 * @param baseUri The base URI
+	 * @param endpointUri The endpoint URI to check
+	 * @return true if endpointUri is within baseUri's hierarchy, false otherwise
+	 */
+	private static boolean isUnderBaseUri(URI baseUri, URI endpointUri) {
+		if (!baseUri.getScheme().equals(endpointUri.getScheme())
+				|| !baseUri.getAuthority().equals(endpointUri.getAuthority())) {
+			return false;
+		}
+
+		URI normalizedBase = baseUri.normalize();
+		URI normalizedEndpoint = endpointUri.normalize();
+
+		String basePath = normalizedBase.getPath();
+		String endpointPath = normalizedEndpoint.getPath();
+
+		if (basePath.endsWith("/")) {
+			basePath = basePath.substring(0, basePath.length() - 1);
+		}
+
+		return endpointPath.startsWith(basePath);
+	}
+
 }

mcp/src/test/java/io/modelcontextprotocol/client/transport/HttpClientSseClientTransportTests.java

@@ -7,12 +7,13 @@
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
 import java.time.Duration;
 import java.util.Map;
+import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
-import java.util.function.Consumer;
 import java.util.function.Function;
 
 import io.modelcontextprotocol.spec.McpSchema;
@@ -21,6 +22,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.Timeout;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.wait.strategy.Wait;
 import reactor.core.publisher.Mono;
@@ -31,6 +34,9 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -364,4 +370,23 @@ void testChainedCustomizations() {
 		customizedTransport.closeGracefully().block();
 	}
 
+	@Test
+	@SuppressWarnings("unchecked")
+	void testResolvingClientEndpoint() {
+		HttpClient httpClient = Mockito.mock(HttpClient.class);
+		HttpResponse<Void> httpResponse = Mockito.mock(HttpResponse.class);
+		CompletableFuture<HttpResponse<Void>> future = new CompletableFuture<>();
+		future.complete(httpResponse);
+		when(httpClient.sendAsync(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(future);
+
+		HttpClientSseClientTransport transport = new HttpClientSseClientTransport(httpClient, HttpRequest.newBuilder(),
+				"http://example.com", "http://example.com/sse", new ObjectMapper());
+
+		transport.connect(Function.identity());
+
+		ArgumentCaptor<HttpRequest> httpRequestCaptor = ArgumentCaptor.forClass(HttpRequest.class);
+		verify(httpClient).sendAsync(httpRequestCaptor.capture(), any(HttpResponse.BodyHandler.class));
+		assertThat(httpRequestCaptor.getValue().uri()).isEqualTo(URI.create("http://example.com/sse"));
+	}
+
 }

mcp/src/test/java/io/modelcontextprotocol/util/UtilsTests.java

@@ -10,8 +10,12 @@
 import java.util.List;
 import java.util.Map;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
 
 class UtilsTests {
 
@@ -37,4 +41,34 @@ void testMapIsEmpty() {
 		assertFalse(Utils.isEmpty(Map.of("key", "value")));
 	}
 
+	@ParameterizedTest
+	@CsvSource({
+			// relative endpoints
+			"http://localhost:8080/root, /api/v1, http://localhost:8080/api/v1",
+			"http://localhost:8080/root/, api, http://localhost:8080/root/api",
+			"http://localhost:8080, /api, http://localhost:8080/api",
+			// absolute endpoints matching base
+			"http://localhost:8080/root, http://localhost:8080/root/api/v1, http://localhost:8080/root/api/v1",
+			"http://localhost:8080/root, http://localhost:8080/root, http://localhost:8080/root" })
+	void testValidUriResolution(String baseUrl, String endpoint, String expectedResult) {
+		String result = Utils.resolveUri(baseUrl, endpoint);
+		assertThat(result).isEqualTo(expectedResult);
+	}
+
+	@ParameterizedTest
+	@CsvSource({ "http://localhost:8080/root, http://localhost:8080/other/api",
+			"http://localhost:8080/root, http://otherhost/api",
+			"http://localhost:8080/root, http://localhost:9090/root/api" })
+	void testAbsoluteUriNotMatchingBase(String baseUrl, String endpoint) {
+		assertThatThrownBy(() -> Utils.resolveUri(baseUrl, endpoint)).isInstanceOf(IllegalArgumentException.class)
+			.hasMessageContaining("does not match the base URL");
+	}
+
+	@ParameterizedTest
+	@CsvSource({ "http://localhost:8080/<>root", "http://localhost:8080/ root", "http://localhost:8080/root}" })
+	void testInvalidUri(String baseUrl) {
+		assertThatThrownBy(() -> Utils.resolveUri(baseUrl, "")).isInstanceOf(IllegalArgumentException.class)
+			.hasMessageContaining("Cannot resolve URI");
+	}
+
 }