I can't say off the top of my head that you can or cannot replicate behavior with security context. Mdccontextpropagationchannelinterceptor is made same way as securitycontextpropagationchannelinterceptor. In this quick tutorial, we presented the spring support for sending asynchronous requests with propagated securitycontext From a programming model perspective, the new capabilities appear deceptively simple. Security context propagation is essential for maintaining authentication and authorization across asynchronous boundaries The key is to never assume the context automatically travels with your execution flow—always use the appropriate delegation wrapper for your concurrency model.
We solved this by wrapping our executorservice in a lightweight decorator that captures the mdc + securitycontext from the submitting thread and restores them inside the worker thread. In spring boot 3 adding micrometer automatically propagates tracing headers without any need of adding schedulerhook However, we still need to add filters in webclient for logging request & response along with tracing headers. Now that we understand the root cause of mdc context loss in spring webflux and netty, let’s explore a straightforward solution to ensure our logs remain cohesive and traceable. At this point you may be asking yourself how does this shield my code of any knowledge of spring security? instead of creating the securitycontext and the delegatingsecuritycontextexecutor in our own code, we can inject an already initialized instance of delegatingsecuritycontextexecutor.
OPEN
