[2.26.x] Ensure TimedSource uses query ThreadContext

[derekwilhelm]

What does this PR do?

Similar to #6784, when performing a query, the QueryOperations hands off the source execution of the queries to the SortedFederationStrategy. This class uses an ExecutorService to run the source queries in parallel within a thread pool in the SortedQueryMonitor class using the TimedSource class. Since these run in separate threads, they don't share the same thread context as the original query. This means that things like trace-id in the thread context are lost. Furthermore, if any of the Source implementations perform an action that sets or binds a user subject to the thread, then the thread in the thread pool will now have that user defined in its thread context going forward, including when it gets reused. If the source is simply trying to perform a user validation, then it could fail due to the thread context not having a security manager assigned.

This PR fixes this issue by retrieving the original ThreadContext resources from the original query thread and passing them to the TimedSource instance that is submitted to the ExecutorService. When the TimedSource executes the query, it clears the thread context of the executor thread and resets it to original thread context resources from the original query thread. This maintains the user subject across the threads along with any other thread context variables that may be important.

Who is reviewing it?

@jlcsmith @pklinef

Select relevant component teams:

@codice/core-apis @codice/security

Ask 2 committers to review/merge the PR and tag them here.

@andrewkfiedler @glenhein

How should this be tested?

This is rather difficult to test with base DDF. You need to have a Source registered in DDF that will either run some plugins that look for a user subject OR performs a user validation itself.

Any background context you want to provide?

What are the relevant tickets?

Fixes: #____

Screenshots

Checklist:

• [ ] Documentation Updated
• [ ] Update / Add Threat Dragon models
• [ ] Update / Add Unit Tests
• [ ] Update / Add Integration Tests

Notes on Review Process

Please see Notes on Review Process for further guidance on requirements for merging and abbreviated reviews.

Review Comment Legend:

• ✏️ (Pencil) This comment is a nitpick or style suggestion, no action required for approval. This comment should provide a suggestion either as an in line code snippet or a gist.
• ❓ (Question Mark) This comment is to gain a clearer understanding of design or code choices, clarification is required but action may not be necessary for approval.
• ❗ (Exclamation Mark) This comment is critical and requires clarification or action before approval.

[derekwilhelm]

build now

[cxddfbot]

Internal build has been started, your results will be available at build completion.

[cxddfbot]

Build FAILURE See the job results in legacy Jenkins UI or in Blue Ocean UI.

[jlcsmith]

build now

[cxddfbot]

Internal build has been started, your results will be available at build completion.

[cxddfbot]

Build SUCCESS See the job results in legacy Jenkins UI or in Blue Ocean UI.