lynchie14 opened a new issue, #1138: URL: https://github.com/apache/grails-spring-security/issues/1138
### Expected Behavior Configuring `grails.plugin.springsecurity.sch.strategyName='MODE_INHERITABLETHREADLOCAL'` should allow spawned threads to inherit authentication ### Actual Behaviour Spawned threads do not inherit authentication ### Steps To Reproduce In Spring security 5.8 (https://github.com/spring-projects/spring-security/commit/31e25b115e412b5c741b1cc80f1a2f33539610be) Direct calls to `SecurityContextHolder.getContext().getAuthentication()` where replaced with a instance level private `SecurityContextHolderStrategy securityContextHolderStrategy` instead. This means that once filters such as the `FilterSecurityInterceptor` are initialised they will fetch the current `SecurityContextHolder` strategy once. As a result of this change, in a case where you want to change the default strategy to `MODE_INHERITABLETHREADLOCAL` it will not work as the current location where this is set in plugin occurs after all the beans have been initialised and any changes to the strategy will not be updated in any of the security filters. Fix is to move the configuration to before the beans are configured. Attached sample repo has a secure controller that demonstrates the issue. ### Environment Information _No response_ ### Example Application https://github.com/lynchie14/g7schissue ### Version 7.0.0-M4 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
