I guess MODE_INHERITABLETHREADLOCAL
doesn’t work correctly with thread pool.
As a possible solution you can try to subclass ThreadPoolTaskExecutor
and override its methods to propagate SecurityContext
manually, and then declare that executor instead of <task:executor>
, something like this:
public void execute(final Runnable r) {
final Authentication a = SecurityContextHolder.getContext().getAuthentication();
super.execute(new Runnable() {
public void run() {
try {
SecurityContext ctx = SecurityContextHolder.createEmptyContext();
ctx.setAuthentication(a);
SecurityContextHolder.setContext(ctx);
r.run();
} finally {
SecurityContextHolder.clearContext();
}
}
});
}