You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Oct 25, 2021. It is now read-only.
Spring webflux uses Reactor for its async logic. Its made of a chain of Mono<T>'s. That chain can carry a context that can be used anywhere in your code within the scope of that single request. The SecurityContext resides within that chain context.
That chain is broken by the underlying implementation of DataFetcher which uses CompletableFuture for its own async code. As a result the User is no longer authenticated at any point after the logic is delegated to GraphQL-Java.
One solution to this is to add the SecurityContext to the ExecutionInput's context, so that we are at least able to access it (even if its not the normal way)