spring-security: ReactiveSecurityContextHolder.getContext() is broken when used with Mono.toFuture().
Summary
ReactiveSecurityContextHolder is broken when used with Futures. It does not always provide results and sometimes just fires the onComplete signal.
Actual Behavior
Executes onComplete()
Expected Behavior
Should execute onNext()
Version
5.0.7 Release
Sample
@Test
public void testWorkingContext() {
Authentication authentication = new PreAuthenticatedAuthenticationToken("TEST", "");
Mono<String> working = ReactiveSecurityContextHolder.getContext()
.map(securityContext -> (String)securityContext.getAuthentication().getPrincipal());
Mono<String> stringMono = working.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
StepVerifier.create(stringMono).expectNext("TEST").verifyComplete();
}
@Test
public void testBrokenContext() {
Authentication authentication = new PreAuthenticatedAuthenticationToken("TEST", "");
Mono<String> working = ReactiveSecurityContextHolder.getContext()
.map(securityContext -> (String)securityContext.getAuthentication().getPrincipal());
Mono<String> broken = Mono.fromFuture(working.toFuture());
Mono<String> stringMono = broken.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
StepVerifier.create(stringMono).expectNext("TEST").verifyComplete();
}
About this issue
- Original URL
- State: open
- Created 6 years ago
- Reactions: 3
- Comments: 18 (3 by maintainers)
@dave-fl Right. This is why I didn’t immediately close the issue since this seems somewhat reasonable to support to me.
In any case, this is something we will need Project Reactor to support. which is why I pinged Simon and Stephane. We will wait to see what their thoughts are.