Spring Security 4.2.x supports both synchronous and asynchronous MVC applications. It must be noted that both DispatcherServlet and DelegatingFilterProxy must be configured to support asynchronous processes and secure all the @Controller and services of the application. Moreover, SecurityContext must be accessible to all threads by setting the Spring Security variable spring.security.strategy to MODE_INHERITABLETHREADLOCAL by injecting the bean MethodInvokingFactoryBean into the context definition.

Once this recipe works perfectly, all security concepts elaborated in Chapter 4, Securing Spring MVC Applications, can be applied to all of the asynchronous services in this chapter.