No security context bound to the current thread. on a Custom API Endpoint

Hello, I created a custom API endpoint on top of our existing Cuba Project based on this example.

I was able to access the Controller, but when I tried to use an Entity inside, I get this error.

java.lang.SecurityException: No security context bound to the current thread

I know i can bypass this error by using but I get this error when I try to build our project.

  symbol:   class Authentication
  location: package

I have no problem using this class inside core-module, but not inside web-module.


Did you update the example with the latest CUBA version? The API has changed from CUBA 6 to CUBA 7, therefore you might have an issue with that.

Meanwhile you can try this example. It contains some extra libraries but also exposes custom REST API. Please let us know if you’ll have an issue with this example too.

Hello Andrey,

Thank you for the response and the example. I created a new Controller and setup access to permitAll with method POST but I always get HTTP Status 403 – Forbidden error (no issue on GET).

How can I remove the authentication layer completely on Portal?

P.S. I still cannot use the Authentication class on portal module.


I was able to persist the Data to DB using the DataService class.

For the HTTP Error 403, I was able to solve it by adding
<http pattern="/myapi" security="none"/> in portal-security-spring.xml.

Thanks a lot

1 Like

Glad that you were able to solve it. Please refer to the REST API Security documentation to be able to protect your endpoints properly.

1 Like


I am not sure if it should be on another thread. Since the Controller is created on portal-module instead of core-module, is there a way I can defined the property value in core and use in portal-module? If no, how can I define profile environment property file in portal-module?

Core module should contain services only. All interactons (REST, UI) should be placed to portal or web module. Please note that you can put custom REST controllers to web module too.

If you want to use runtime profiles for in portal module, just create property file with $ name, similar to $ in core and $ for web.

1 Like

I am using cuba 7.2.13 version.
I get this error: Request processing failed; nested exception is java.lang.SecurityException: No security context bound to the current thread

below my sample code


import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.inject.Inject;
import java.util.Map;

public class RestController {

protected DataManager dataManager;
protected Metadata metadata;

public ResponseEntity<Map> create() {
    Person person = metadata.create(Person.class);
    return new ResponseEntity<>(HttpStatus.CREATED);