This content originally appeared on DEV Community and was authored by Jayesh Shinde
Issue 1: CompletableFuture + Missing Security Context = 401 Unauthorized
When we started using CompletableFuture.supplyAsync() in our Spring Boot microservice, some calls to other services (via Feign client) started failing with 401 Unauthorized.
The reason:
-
CompletableFutureruns in a separate thread. - By default, the Spring Security context (and JWT token) is not propagated to that new thread.
- As a result, our Feign interceptor couldn’t attach the
Authorizationheader, and the downstream service rejected the request.
Fix: We wrapped our executor with DelegatingSecurityContextExecutorService so that the SecurityContext (including the JWT token) travels along with async tasks. After this change, the token was correctly added and the 401s disappeared.
Issue 2: Kafka Consumers and Group IDs
We also ran into a Kafka consumer issue. Initially, we used the same consumer group ID for multiple topics. This caused unexpected behavior:
- Consumers in the same group share messages.
- With a single group ID, messages from different topics were getting “competed” for by the same group, leading to missed or unbalanced consumption.
Fix: We gave each topic its own unique group ID. This way, each topic is consumed independently, and no messages are skipped.
Takeaway:
- For async code in Spring Security, always make sure the security context is propagated.
- For Kafka, think carefully about group IDs — same group = load balancing, different groups = independent consumption.
This content originally appeared on DEV Community and was authored by Jayesh Shinde
Jayesh Shinde | Sciencx (2025-09-23T08:27:53+00:00) Lessons Learned: CompletableFuture Security and Kafka Topic Grouping in Microservices. Retrieved from https://www.scien.cx/2025/09/23/lessons-learned-completablefuture-security-and-kafka-topic-grouping-in-microservices-4/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.