Would you consider it safe to store per-request data in ThreadLocal storage? As an example, I have an endpoint that receives an auth token as part of the request. I'm currently passing this token along with various other parameters to my business logic, which again passes the token along to the external service client it ends up calling. Below is a crude diagram of what I'm trying to describe. Bracketed items are part of my system:

{browser} ->  [Endpoint] -> [BusinessLogic] -> [ExternalServiceClient] -> {external server}

Having all the methods in [businessLogic] and [ExternalServiceClient] take an additional parameter

token:String

, feels is pretty un-elegant, so I was considering options to be able to set this token "globally" during the start of a request, and then clean it up afterwards. ThreadLocal came to mind, but I'm not sure if my assumption holds 😛 Any suggestions are welcome!