The error is quite clear, but there are many possible causes, so I will just point out one. If you made custom repo implementation in Spring you might have injected EntityManager and then used it for some more advanced operations (normally not available from Spring data). First let's look at valid example:
It injects EM as a field and then creates new SimpleJpaRepository, for each call to findAll(). In my first attempt I had created an instance of that class in constructor, to reuse it and ended with that "AssertionFailure: possible non-threadsafe access to the session" error.