Spring Security yml configures sub-threads to get logged-in users

@Slf4j
@SpringBootApplication()
@MapperScan("com.exam.**.mapper")
@EnableAsync
public class QuestionApplication extends SpringBootServletInitializer {
    public static void main(String[] args) {
        SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
        StopWatch stopWatch = new StopWatch();
        log.info("========system start========");
        stopWatch.start();
        SpringApplication.run(QuestionApplication.class, args);
        stopWatch.stop();
        log.info("========boot complete========time consuming: {} second", stopWatch.getTotalTimeSeconds());
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(QuestionApplication.class);
    }
}

I want to configure the sub thread to obtain the information of the login user. Before starting, I need to use the static method SecurityContextHolder. setStrategyName (SecurityContextHolder. MODE_INHERITABLETHREADLOCAL) or the cmd command java jar app. jar-DSpring.security.strategy=MODE_ INHERITBLETHREADLOCAL to achieve my goal. Using static methods is not conducive to my future policy changes. Using CMD can achieve the goal of change, but it may be forgotten at the beginning. I hope you can change the spring. security.strategy parameter to read the configuration in the YML file

Comment From: jzheaux

YML properties are governed by Spring Boot, so you'd want to file an issue there with your request.

That said, I feel like there may be better approaches to what you are trying to do. The first is to consider using Spring Security's Concurrency API. These will propagate the security context between threads for you and allow you to use the default strategy.

Another is to publish a SecurityContextHolderStrategy bean. Even though InheritableThreadLocalSecurityContextHolderStrategy is package-private, it is a small class that would be simple to copy:

@Bean 
SecurityContextHolderStratregy securityContextHolderStrategy() {
    SecurityContextHolderStrategy strategy = new MyStrategy();
    SecurityContextHolder.setContextHolderStrategy(strategy);
    return strategy;
}

The nice thing that this gets you is you can access the security context using @Autowired.