From 569860d1b4b92d7361eed6dc79d92d78cedc66b1 Mon Sep 17 00:00:00 2001
From: onobc <chris.bono@gmail.com>
Date: Wed, 28 Jan 2026 20:15:22 -0600
Subject: [PATCH] Do not re-fetch security context in auth interceptor

In the `AuthenticationProcessInterceptor` the security context was being
re-fetched from the holder. While this should not cause any issues, it
was surfacing an issue in a user's custom service that is using
the context propagation library. While this is somewhat of a workaround,
the re-fetch should not be necessary and it unblocks the user from
upgrading from Spring gRPC 0.7.0 to 1.0.x.

See #360

Signed-off-by: onobc <chris.bono@gmail.com>
---
 .../server/security/AuthenticationProcessInterceptor.java    | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/AuthenticationProcessInterceptor.java b/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/AuthenticationProcessInterceptor.java
index 3a306fc8..897c5ecf 100644
--- a/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/AuthenticationProcessInterceptor.java
+++ b/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/AuthenticationProcessInterceptor.java
@@ -96,11 +96,10 @@ else if (user == null || !user.isAuthenticated()) {
 			throw new BadCredentialsException("not authenticated");
 		}
 
-		SecurityContext currentContext = SecurityContextHolder.getContext();
 		try {
-			Context context = Context.current().withValue(GrpcSecurity.SECURITY_CONTEXT_KEY, currentContext);
+			Context context = Context.current().withValue(GrpcSecurity.SECURITY_CONTEXT_KEY, securityContext);
 			return new SecurityContextHandlerListener<ReqT, RespT>(Contexts.interceptCall(context, call, headers, next),
-					currentContext);
+					securityContext);
 		}
 		finally {
 			SecurityContextHolder.clearContext();