Dear Community,
I just wondered whether anybody managed to return a CompletableFuture of a result rather than the actual result in a atlassian-connect-spring-boot controller endpoint. I tried to implement this but atlassian-connect-spring-boot returns unauthorized in this case. The below is not working:
@RequestMapping(value = "/some-endpoint", method = RequestMethod.GET)
@ResponseBody
public CompletableFuture<String> someEndpoint(@AuthenticationPrincipal AtlassianHostUser hostUser...
Thank you
Andreas
Hi @andreas1,
this seems like a bug in atlassian-connect-spring-boot.
Per Spring MVC 3.2 Preview: Making a Controller Method Asynchronous, there are three threads involved in processing of an async request in Servlet 3:
- Handling the request and starting concurrent processing
- Invoking the handler to produce a response
- Returning the response to the caller
WebMvcConfigurer#configureAsyncSupport(AsyncSupportConfigurer)
enables providing a DelegatingSecurityContextAsyncTaskExecutor
which ensures the Spring Security context is propagated from the first to the second thread. However, the security context isn’t propagated to the third thread, and I haven’t been able to find any mechanism for doing so.
In the third thread, com.atlassian.connect.spring.internal.auth.RequireAuthenticationHandlerInterceptor
blocks the request, since the handler requires authentication but none can be found.
I have raised this as ACSPRING-73.
Dear Einar,
thank you for taking it on the list.
Andreas