In spring mvc with reactive API, it uses a custom reactor subscriber, SecurityReactorContextSubscriber, to propagate the authentication and servlet request and response to the reactor operation chain. (Defined in SecurityReactorContextConfiguration imported by OAuth2ImportSelector)
The micrometer context-propagation library provides support for propagating such objects between threadlocal and reactor operation chains.
It is nice to migrate to it which aligns how micrometer observations are propagated as well as avoiding reactor corner cases that may not able to propagate by Hooks.onLastOperator.
cc @sjohnr, @chemicL
relates to https://github.com/spring-projects/spring-security/issues/11973
Comment From: rstoyanchev
Currently we have a SecurityContextThreadLocalAccessor in Spring for GraphQL that I can see would be more generally applicable. Not sure if that belongs in this issue or another.