Using custom implementation for auth token ,How to leverage security context holder to get authentication if token is not changed for subsequent request

[Dinesh123]

I am using custom implementation for authentication as mentioned in your document. Using authsceheme selector and provider , I don't want to authenticate for every request instead i want to leverage Context to get current authentication object and check if token has not changed.

I am not sure how authentication object is saved in SecurityContextHolder, i do see it gets cleared with every request. overall i don't understand intention behind saving authentication object in security context holder if its not used for subsequent request.

I am using unary call's

[jvmlet]

The intention of saving it in context is to enable the service call implementation to obtain the details of the user currently executing the request. What you are looking for is the http-session-scope alternative for grpc call. This doesn't exist. IFIAK. But, http session is a simply caching mechanism you can implement by your self to hold token->Authentication map to gain performance by caching the authentication result .