In spring mvc with reactive API, it uses a custom reactor subscriber, SecurityReactorContextSubscriber, to propagate the authentication and servlet request and response to the reactor operation chain. (Defined in SecurityReactorContextConfiguration imported by OAuth2ImportSelector)
The micrometer context-propagation library provides support for propagating such objects between threadlocal and reactor operation chains.
It is nice to migrate to it which aligns how micrometer observations are propagated as well as avoiding reactor corner cases that may not able to propagate by Hooks.onLastOperator.
Currently we have a SecurityContextThreadLocalAccessor in Spring for GraphQL that I can see would be more generally applicable. Not sure if that belongs in this issue or another.
In spring mvc with reactive API, it uses a custom reactor subscriber, SecurityReactorContextSubscriber, to propagate the authentication and servlet request and response to the reactor operation chain. (Defined in
SecurityReactorContextConfiguration
imported byOAuth2ImportSelector
)The micrometer context-propagation library provides support for propagating such objects between threadlocal and reactor operation chains.
It is nice to migrate to it which aligns how micrometer observations are propagated as well as avoiding reactor corner cases that may not able to propagate by
Hooks.onLastOperator
.cc @sjohnr, @chemicL
relates to https://github.com/spring-projects/spring-security/issues/11973