Spring Security ReactiveSecurityContextHolder.getContext() is null always with custom AuthenticationToken (Sample provided)

val messageByUsername: Mono<String>  = ReactiveSecurityContextHolder.getContext()
                        .map(SecurityContext::getAuthentication)
                        .map(Authentication::getName)

always returns null, even when security context contains the authentication.

Code for setting up security context

 return webFilterChain.filter(serverWebExchange).contextWrite {
                    var cont = ReactiveSecurityContextHolder.withSecurityContext(
                        Mono.just(
                            SecurityContextImpl(
                                injectSecurityPrincipal(reqHeaders[USER_ID_ATTRIBUTE]!!.first(), scopes)
                            )
                        )
                    )

Comment From: sjohnr

@Nida96, thanks for reaching out!

Would you be able to provide more details about the issue you're encountering? I'm not able to fully understand the issue based on the provided snippet of code. Additionally, it looks to be referencing a method that isn't provided (injectSecurityPrincipal). If possible, please provide a minimal, reproducible sample that demonstrates the issue.

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: Nida96

override fun filter(serverWebExchange: ServerWebExchange, webFilterChain: WebFilterChain): Mono<Void> {
        try {
            // If request was validated, inject SecurityPrincipal to Current Thread's SecurityContext for Authorization
            val reqHeaders = serverWebExchange.request.headers
            val isValidated = reqHeaders[Constant.IS_VALIDATED_ATTRIBUTE]


            if (!isValidated.isNullOrEmpty() && isValidated[0].toBoolean()) {
                val scopes = reqHeaders[Constant.USER_SCOPES_ATTRIBUTE]!!.first()
                    .split(",".toRegex())
                    .toTypedArray()



                return webFilterChain.filter(serverWebExchange).contextWrite {
                    ReactiveSecurityContextHolder.withSecurityContext(
                        Mono.just(
                            SecurityContextImpl(
                                injectSecurityPrincipal(reqHeaders[USER_ID_ATTRIBUTE]!!.first(), scopes)
                            )
                        )
                    )
                }
            }

            return webFilterChain.filter(serverWebExchange)
        } catch (ex: Exception) {
            serverWebExchange.response.statusCode = HttpStatus.FORBIDDEN
            serverWebExchange.response.headers.add("X-Message", "Invalid token")
            return Mono.empty()
        }
    }

    private fun injectSecurityPrincipal(userName: String, scopes: Array<String>): Authentication {
        val authorities: List<GrantedAuthority> = Stream.of(*scopes)
            .map { SimpleGrantedAuthority(it) }
            .collect(Collectors.toList())

        return UsernamePasswordAuthenticationToken(
            User(userName, "", authorities),
            null,
            authorities
        )
    }

In the filter method, any attempt to getContext, returns null. Like below:

val messageByUsername: Mono = ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
.map(Authentication::getName)

Comment From: sjohnr

@Nida96, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.