In case SLA expires in a case deployed in Springboot the error is thrown:

java.lang.SecurityException: User system is not authorized to access case

Complete stacktrace can be found in attachment.

The issue can be caused by having different user name for internal operations. This jBPM commit introduces internal system user with name "unknown" to execute internal task which aren't directly triggered by user request (like SLA expiry). Kie server JACCIdentityProvider returns "unknown" user in case no authentication was done. Springboot SpringSecurityIdentityProvider however returns "system" user.