在Spring AOP方面从Sring Security获取用户身份验证的正确解决方案是什么？

我有一个方面可以审计实体的创建、删除等。在审计中我必须获取触发实体更改的用户。

package com.sdx.rootservice.auditing.aspect;

import com.sdx.rootservice.auditing.model.AuditType;
import com.sdx.rootservice.auditing.service.interfaces.AuditLogService;
import com.sdx.rootservice.dto.lead.AppealTypeDto;
import com.sdx.rootservice.security.model.JwtAuthentication;
import lombok.RequiredArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import java.util.Optional;

@Component
@Aspect
@Log4j2
@RequiredArgsConstructor
public class AuditAspect {

    private final AuditLogService auditLogService;

    @AfterReturning(pointcut = "execution(* com.sdx.rootservice.controller.company.AppealTypeController.create(..))",
            returning = "appealTypeDto")
    public void afterAppealTypeCreated(AppealTypeDto appealTypeDto) {
        var userId = fetchUserId();
        var targetId = appealTypeDto.getId();
        log.debug("Created new appeal type: " + appealTypeDto);
        auditLogService.logChanges(userId, "AppealType", targetId, AuditType.CREATE);
    }

    @AfterReturning(pointcut = "execution(* com.sdx.rootservice.controller.company.AppealTypeController.delete(..)) && args(id)")
    public void afterAppealTypeDeleted(Long id) {
        var userId = fetchUserId();
        log.debug("Deleted new appeal type: " + id);
        auditLogService.logChanges(userId, "AppealType", id, AuditType.DELETE);
    }

    private Long fetchUserId() {
        var authentication = (JwtAuthentication) SecurityContextHolder.getContext().getAuthentication();
        return Optional.ofNullable(authentication)
                .map(JwtAuthentication::getId)
                .orElse(null);
    }
}

恐怕，如果有多个创建端点的请求，安全性的上下文可能会发生变化，因为将运行不同的线程。在Spring AOP方面从Sring Security获取用户身份验证的正确解决方案是什么？