brub

Does the Spring Security filter chain always run twice for asynchronous requests?

From what I can tell, the Spring Security filter chain runs twice per request for @Async requests, because it runs on the inbound request thread, is passed to the async code which runs on a different thread, and then when it attempts to write to the response thread the security filter chain runs again. I believe this is due to the use of a ThreadLocal for storing the security context.

I am able to successfully pass the security context into the asynchronous code; the issue is that whenever I attempt to write the response, the filter chain runs again.

I am encountering a situation similar to the one described here:

http://forum.spring.io/forum/spring-projects/security/747178-security-filter-chain-is-always-calling-authenticationmanager-twice-per-request

Is this simply expected behavior that we should account for when using spring security, or is there a configuration I am missing that would prevent the second execution of the filterchain?

Upvotes: 2

Answers (2)

Set the property spring.security.filter.dispatcher-types=REQUEST,ERROR. Spring will not apply filters for calls dispatched from an async context.

Upvotes: 0

brub
Got an answer here: https://github.com/spring-projects/spring-security-oauth/issues/736

Apparently the fix is to configure security.filter-dispatcher-types=REQUEST, ERROR

Upvotes: 1
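
A diagnostic for the behaviour discussed in the answers above, added here as an example (not code from the posters or from Spring): a servlet filter registered for REQUEST, ASYNC and ERROR dispatches that logs the dispatcher type of each pass, so the second run can be confirmed as the ASYNC dispatch before the dispatcher-types property is changed. The class names are hypothetical, and the code assumes Spring Boot 3 with the jakarta.servlet namespace (javax.servlet on older versions).

```java
import java.io.IOException;
import java.util.EnumSet;

import jakarta.servlet.DispatcherType;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

// Hypothetical diagnostic configuration (assumption: Spring Boot 3, jakarta.servlet).
@Configuration
public class DispatchTraceConfig {

    // Logs one line per pass through the servlet filter chain.
    static class DispatchTraceFilter implements Filter {
        private static final Logger log = LoggerFactory.getLogger(DispatchTraceFilter.class);

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            String uri = (request instanceof HttpServletRequest http) ? http.getRequestURI() : "-";
            // An async request shows up twice: dispatch=REQUEST on the container
            // thread, then dispatch=ASYNC when the result is dispatched back.
            log.info("dispatch={} uri={} thread={}",
                    request.getDispatcherType(), uri, Thread.currentThread().getName());
            chain.doFilter(request, response);
        }
    }

    @Bean
    public FilterRegistrationBean<DispatchTraceFilter> dispatchTraceFilter() {
        FilterRegistrationBean<DispatchTraceFilter> reg =
                new FilterRegistrationBean<>(new DispatchTraceFilter());
        // Register for the same dispatcher types the answers discuss, plus ASYNC.
        reg.setDispatcherTypes(EnumSet.of(
                DispatcherType.REQUEST, DispatcherType.ASYNC, DispatcherType.ERROR));
        // Run ahead of the Spring Security filter chain registration.
        reg.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return reg;
    }
}
```

Once the security filter is limited to REQUEST,ERROR, this trace filter still logs the ASYNC pass, which confirms the dispatch continues to happen and only the security filter chain no longer takes part in it.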
