Spring Security provides a lot of convenience to develop secure web applications. However, it relies strongly on a SecurityContext stored in a thread-local (inside the SecurityContextHolder class). If not mitigated, this causes issues in multi-threaded contexts. When using Kotlin Coroutines, there is an additional abstraction layer where you don’t really know (and don’t want to know) on which thread(s) your code will be running. Luckily, there is a relatively easy solution!