Why is the JPA repository called from spring schedular not able to get the authentication from Security Context

Question

I have a springboot application where with authentication available in SecurityContext post login. Any call from Rest Controller to persist any entity, getCurrentAuditor() method is called which returns the current principle which is used for auto updating the created date column.

I created an schedular using spring "awaitility" dependency. However, this schedular calls an update on a entity. When update is called and spring authentication is checked, it comes as null, even though i have logged in from front end. From front end i am able to persist other entities and gets the authentication object as well.

As per my understanding, this might be happening because the schedular starts as soon as Springboot kicks in and making save request independently. If that understanding is correct, how should i resolve this?

Answer 1

If the Scheduler can use a "system" user for update the entity, you can do something like the following and in the scheduler code perform the authentication:

  public void authenticate() {
    Authentication auth = authenticationManager.authenticate(getBatch());
    SecurityContext sc = SecurityContextHolder.getContext();

    sc.setAuthentication(auth);
  }

  public UsernamePasswordAuthenticationToken getBatch() {

    return UsernamePasswordAuthenticationTokenBuilder.anUsernamePasswordAuthenticationToken()
        .withCredentials(batchProperties.getPassword()).withUserCode(batchProperties.getUser()).withUserDto(
            userDtoFactory.getBatch()).build();
  }