Skip to content
This repository was archived by the owner on Dec 19, 2023. It is now read-only.
This repository was archived by the owner on Dec 19, 2023. It is now read-only.

Wrong SecurityContext with async-mode-enabled: true results  #632

Closed
#635
Closed
Wrong SecurityContext with async-mode-enabled: true results #632
#635
Labels
bug
Milestone
12.0.0
@ncioj10

Description

@ncioj10
ncioj10
opened on May 18, 2021

Describe the bug
The Spring Security Context obtained by the OncePerRequestFilter is wrong when upgrading to 11.1.0 with async-mode-enabled: true by default.
This can lead to very serious security concerns as the context is also not cleared correctly so requests get sometimes authorized with credentials from other users.

To Reproduce
Create a Filter and try to access the context with SecurityContextHolder within the dataFetchers.

Expected behavior
The Security Context should contain the correct context.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions