java.lang.SecurityException: No security context bound to the current thread

abd.ibrahim.allam · October 27, 2020, 9:17pm

Hi Team ,

Currently we have Bean inside that bean we are executing queries through and do some business logic with below exception

java.lang.SecurityException: No security context bound to the current thread
	at com.haulmont.cuba.core.sys.AppContext.getSecurityContextNN(AppContext.java:153) ~[cuba-global-7.2.9.jar:7.2.9]
	at com.haulmont.cuba.core.sys.UserSessionSourceImpl.getUserSession(UserSessionSourceImpl.java:48) ~[cuba-core-7.2.9.jar:7.2.9]
	at com.haulmont.cuba.core.app.RdbmsStore.needToFilterByInMemoryReadConstraints(RdbmsStore.java:1037) ~[cuba-core-7.2.9.jar:7.2.9]
	at com.haulmont.cuba.core.app.RdbmsStore.createRestrictedView(RdbmsStore.java:796) ~[cuba-core-7.2.9.jar:7.2.9]
	at com.haulmont.cuba.core.app.RdbmsStore.load(RdbmsStore.java:150) ~[cuba-core-7.2.9.jar:7.2.9]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_211]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_211]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_211]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_211]
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.2.9.RELEASE.jar:5.2.9.RELEASE]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) ~[spring-aop-5.2.9.RELEASE.jar:5.2.9.RELEASE]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.2.9.RELEASE.jar:5.2.9.RELEASE]
	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95) ~[spring-aop-5.2.9.RELEASE.jar:5.2.9.RELEASE]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.9.RELEASE.jar:5.2.9.RELEASE]
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.9.RELEASE.jar:5.2.9.RELEASE]
	at com.sun.proxy.$Proxy440.load(Unknown Source) ~[na:na]
	at com.haulmont.cuba.core.app.DataManagerBean.load(DataManagerBean.java:67) ~[cuba-core-7.2.9.jar:7.2.9]
	at com.haulmont.cuba.core.global.FluentLoader$ByQuery.one(FluentLoader.java:519) ~[cuba-global-7.2.9.jar:7.2.9]
	at com.vtss.vtower.core.repo.CommittedCostRepository.loadProjectCommittedCostItemByProjectIdAndCostItemIdAndBudgetRequestId(CommittedCostRepository.java:136) [vtower-core-0.1-SNAPSHOT.jar:na]

I followed many topic related to authenticating background Threads

below is sample

 purchaseOrderItems.forEach(item ->
                Executors.newSingleThreadScheduledExecutor().submit(new SecurityContextAwareRunnable(() -> {

                    ProjectCommittedCost committed =
                            loadProjectCommittedCostItemByProjectIdAndCostItemIdAndBudgetRequestId(projectId,
                                    item.getCostItem().getId(), budgetRequestId);

                    ProjectForecastingCost currentForecasting = forecastingCosts.stream()
                            .filter(forecasting -> item.getCostItem().getId().equals(forecasting.getCostItem().getId()))
                            .findAny()
                            .orElse(null);

                    if (Objects.isNull(committed)) {
                        createNewCommittedCost(currentForecasting, orderRequest,item);
                    } else {
                        updateCurrentCommittedCost(currentForecasting, committed,item);
                    }
                })));

but i’m still getting No security context boun to the current thread

@Note :

I’m also adding
@Authenticated on the inside called functions like createNewCommittedCost

krivopustov · October 28, 2020, 10:16am

Where do you call purchaseOrderItems.forEach()?
Is it a screen controller’s method?

abd.ibrahim.allam · October 28, 2020, 10:55am

Hi @knstvk,

It is bean inside core module

krivopustov · October 28, 2020, 12:25pm

OK, but how do you call this bean?
Are you sure it has a security context?

abd.ibrahim.allam · October 28, 2020, 1:19pm

I’m calling it from ServiceBean

And the bean is inside Core module and it is not the only bean that i’m using form the service

The only difference between that bean and the others is that one i’m trying to trigger separate thread for each item inside the list of items While calling any function inside Thread Executor i’m getting the exception

krivopustov · October 28, 2020, 1:48pm

OK, I see.
Your code looks correct to me. Could you make a test project where the problem is reproduced?

abd.ibrahim.allam · October 28, 2020, 7:30pm

I can share the full @Bean which contains the code is that one is fine with you ,
cause It is middle of the application

abd.ibrahim.allam · November 1, 2020, 1:07pm

Hi @knstvk

Is my suggestion is okay with you ?

krivopustov · November 2, 2020, 3:40pm

No, I need a reproducible case to identify the problem.