Create the CSRF token on the bounded elactic scheduler

The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation. This commit changes the subscriber thread to the bounded elactic scheduler. Closes gh-9018
spring-projects · Sep 16, 2020 · e444713 · e444713
1 parent 4f849de
commit e444713
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...in/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java b/...in/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java
@@ -26,6 +26,7 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Schedulers;
 
 /**
  * A {@link ServerCsrfTokenRepository} that persists the CSRF token in a cookie named "XSRF-TOKEN" and
@@ -62,7 +63,7 @@ public static CookieServerCsrfTokenRepository withHttpOnlyFalse() {
 
 	@Override
 	public Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
-		return Mono.fromCallable(this::createCsrfToken);
+		return Mono.fromCallable(this::createCsrfToken).subscribeOn(Schedulers.boundedElastic());
 	}
 
 	@Override