Description
When executing GraphQL requests through websockets, the injected `Principal` is `null`. I tried with and without the introduced `@AuthenticatedPrincipal` annotation, but without a successful result. Through the HTTP transport, the `Principal` is injected and everything works as expected.
To demonstrate the issue, I created a demo repo with a basic Spring Boot 2.7.0-m3 application.
To reproduce the issue for the websocket transport with websocat:
```
~ spring-graphql-principal$ websocat --basic-auth user:password ws://localhost:8080/graphql
{"type":"connection_init"}
{"id":null,"type":"connection_ack","payload":{}}
{"id":"1","type":"subscribe","payload":{"query":"{ helloWorld }"}}
{"id":"1","type":"next","payload":{"errors":[{"message":"Cannot invoke \"java.security.Principal.getName()\" because \"principal\" is null","locations":[{"line":1,"column":3}],"path":["helloWorld"],"extensions":{"classification":"INTERNAL_ERROR"}}],"data":{"helloWorld":null}}}
{"id":"1","type":"complete","payload":{}}
```
To see the result for the HTTP transport, use the following curl command:
```
curl --location --request POST 'http://localhost:8080/graphql' \
  --header 'Authorization: Basic dXNlcjpwYXNzd29yZA==' \
  --header 'Content-Type: application/json' \
  --data-raw '{"query":"{ helloWorld }"}'
```
Seems to be somewhat related to #268. I tried to pinpoint where it goes wrong, but couldn't figure it out. My first guess would be that the `ThreadLocal` variables from e.g. the `SecurityContext` are not properly transferred to the thread handling the actual query.
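
The mechanism behind the guess above, as an added example that is not part of the original issue or the project's code: a value stored in a `ThreadLocal` is invisible on an executor thread unless it is captured and restored explicitly. `CONTEXT`, `helloWorld()` and `withCallerContext` are hypothetical stand-ins built only on the JDK, and the example does not establish that this is the cause of the reported behaviour.

```java
import java.security.Principal;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalPrincipalDemo {

    // Hypothetical stand-in for a thread-bound security context (not Spring's SecurityContextHolder).
    static final ThreadLocal<Principal> CONTEXT = new ThreadLocal<>();

    // Hypothetical stand-in for a data fetcher that reads the principal from the current thread.
    static String helloWorld() {
        Principal principal = CONTEXT.get();
        return principal == null ? "principal is null" : "Hello " + principal.getName();
    }

    // Capture the caller's principal at wrap time, install it on whichever thread runs the task,
    // then restore the worker's previous value so a pooled thread never keeps another caller's identity.
    static <T> Callable<T> withCallerContext(Callable<T> task) {
        Principal captured = CONTEXT.get();
        return () -> {
            Principal previous = CONTEXT.get();
            CONTEXT.set(captured);
            try {
                return task.call();
            } finally {
                if (previous == null) CONTEXT.remove(); else CONTEXT.set(previous);
            }
        };
    }

    public static void main(String[] args) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor();
        Callable<String> fetch = ThreadLocalPrincipalDemo::helloWorld;
        try {
            CONTEXT.set(() -> "user"); // constructed principal, bound to the calling thread only
            System.out.println("caller thread:        " + fetch.call());
            System.out.println("worker, no transfer:  " + worker.submit(fetch).get());
            System.out.println("worker, transferred:  " + worker.submit(withCallerContext(fetch)).get());
            // The wrapper cleaned up after itself, so the pooled thread is unauthenticated again.
            System.out.println("worker, next request: " + worker.submit(fetch).get());
        } finally {
            CONTEXT.remove();
            worker.shutdown();
        }
    }
}
```

The cleanup in the `finally` block matters as much as the transfer: without it, a reused pool thread would answer the next request under the previous caller's identity.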