I have an HTTP API written in Spring Reactive which fetches user details from the datastore. I am adding the description for the API below.

@Configuration
class Routes {

    @Bean
    fun router() = router {
        POST("/url") { request ->
            handle(request, ::retrieveUser)
        }
    }

    private inline fun <reified T, reified R> handle(
        request: ServerRequest,
        noinline handler: (T) -> Mono<R>
    ): Mono<ServerResponse> = request.bodyToMono(T::class.java)
        .flatMap { rq ->
            /*this will populate context with authorization header 
    Will in case of concurrent request is it possible for context to overwrite the same Authorization header tag */

            val authHeader = request.headers().header(HttpHeaders.AUTHORIZATION).firstOrNull()
            val context = Mono.subscriberContext().map { it.put("Authorization", authHeader ?: "") }
            context.flatMap { handler(rq).subscriberContext(it) }
        }
        .flatMap { ServerResponse.ok().bodyValue(it) }
}

There is a router defined and a POST API for the URL. Then there is a function named handle which fetches the Authorization token from the HTTP request if present and sets it in the spring reactive context with the same key. After that, it calls the handler with the request body passed as an rq argument.

Now sharing the implementation for retrieveUser

override fun retrieveUser(rq: RetrieveUserRequestType): Mono<RetrieveUserResponseType> {
    return retrieveSingleUser(rq.orderReferenceList?.orderReference?.first(), rq)
        .subscriberContext { it.populateContext() }
        .defaultIfEmpty(UserRetrieveHandle.NO_USERS_RESPONSE)
        .map { response ->
            response.withMessageInfo(rq.messageInfo)
                .withMessageStatus(MessageStatusType())
                .also {
                    it.messageInfo.withCreateDateTime(OffsetDateTime.now(ZoneOffset.UTC).toXMLGregorianCalendar())
                }
        }
}

private fun Context.populateContext(): Context {
    val oocid = UUID.randomUUID().toString()
    val requestId = UUID.randomUUID().toString()
    return this.mergeGlobalContext(mapOf(
        OOCID to oocid
    ))
        .mergeLocalContext(mapOf(REQUEST_ID to requestId))
        .put(KEY_OOCID, oocid)
        .put(REQUEST_ID, requestId)
}

here Context.populateContext() will add some random id’s which will be used for logging purpose and to be used in downstream

And for retrieveSingleUser is

fun retrieveSingleUser(): Mono<RetrieveUserResponseType> {
    return Mono.subscriberContext()
        .map { context ->
           //This will fetch authorization header from context 
            val authHeader = context.getOrDefault(HttpHeaders.AUTHORIZATION, "")
           
            RetrieveUserResponseType()
        }
}

retrieveSingleUser is the function which will access the authorization header token from the context for to be passed to downstream.

I have a question: in case of multiple concurrent requests, will the context be unique for each HTTP Request? Another way to frame this is in case of multiple concurrent requests will there be any chance context values for the “Authorization” key be overwritten?

The authorization header will be unique for each request and in my use case, one request should not overwrite the “Authorization” flag for the other. Will this context be shared among the threads or will it be unique for each incoming request?

Thanks in advance. Feel free to ask any question