I\'m developing a Spring boot based app. I noticed that for asynchronous endpoints authentication filter is called twice, for regular endpoints it\'s called once. I couldn\'t fi
I am seeing exactly the same behavior and I think it is related to the fact that asynchronous call is being split into 2 phases.
At first, regular container thread is kicked and an interim response is generated, but that response is not being returned to the client it is being held back until async dispatcher competes. Once async thread is done processing interim response is replaced with the real one from async thread and returned to the client.
Both threads go through the same filter chain. Therefore you see duplicate invocation.
If you want your filter to be invoked once you should extend from OncePerRequestFilter
. It will check if your filter was already invoked during the course of the request (even though the request handling consists of 2 stages each of them handled by their own threads).
I had the same problem with a concrete implementation of the class AbstractAuthenticationProcessingFilter
, I belive to solve it It's better create a custom implementation of whaterver class that implements OncePerRequestFilter
, in my particular case I created an implementation of AuthenticationFilter
.