ThreadLocal - using as context information for REST API with spring-boot

Question

I have some spring-boot application (it exposes rest api). The mentioned REST API is secured by spring-security. Everything is fine, however now I need

Answer 1

1. If you use only one thread in your program, the answer is yes. There are no reasons run this operations in different threads, because switching threads is overhead. But in your program you or somebody can define async operations (@Async, Thread.start(), events, etc.) in that case there are more then one thread, and your ThreadLocal will handle value only for the first thread.

2. Yes, but see first paragraph.

I recommend for this task use thread safe cache (for example ConcurrentHashMap) associate with users. It will be simpler for understanding and thread safe. If you want use ThreadLocal you need to clarify and minimize his lifecycle in your application.

Answer 2

On your second question: clear thread local in the same filter in which you set it.

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    boolean contextSetViaThreadLocal = false;
    if (authentication != null && authentication.isAuthenticated()) {
        contextSetViaThreadLocal = true;
        // here we set context
    }
    // immediately after the conditional context store
    try {
        filterChain.doFilter(request, response);
    } finally {
        if (contextSetViaThreadLocal) {
            // clear the context
        }
    }

Answer 3

you should clear context once after request is completed.

try {
    filterChain.doFilter(request, response);
}
finally {
    // remove context here
}

Answer 4

it's single threaded unless you purposely initiate child threads. in such case use InheritableThreadLocal to store information.