CompletableFuture and atlassian-connect-spring-boot

Confluence Development Confluence Cloud
#1

Dear Community,

I just wondered whether anybody managed to return a CompletableFuture of a result rather than the actual result in a atlassian-connect-spring-boot controller endpoint. I tried to implement this but atlassian-connect-spring-boot returns unauthorized in this case. The below is not working:

@RequestMapping(value = "/some-endpoint", method = RequestMethod.GET)
@ResponseBody
public CompletableFuture<String> someEndpoint(@AuthenticationPrincipal AtlassianHostUser hostUser...

Thank you

Andreas

#2

Hi @andreas1,

this seems like a bug in atlassian-connect-spring-boot.

Per Spring MVC 3.2 Preview: Making a Controller Method Asynchronous, there are three threads involved in processing of an async request in Servlet 3:

  1. Handling the request and starting concurrent processing
  2. Invoking the handler to produce a response
  3. Returning the response to the caller

WebMvcConfigurer#configureAsyncSupport(AsyncSupportConfigurer) enables providing a DelegatingSecurityContextAsyncTaskExecutor which ensures the Spring Security context is propagated from the first to the second thread. However, the security context isn’t propagated to the third thread, and I haven’t been able to find any mechanism for doing so.

In the third thread, com.atlassian.connect.spring.internal.auth.RequireAuthenticationHandlerInterceptor blocks the request, since the handler requires authentication but none can be found.

I have raised this as ACSPRING-73.

#3

Dear Einar,

thank you for taking it on the list.

Andreas