SecurityContextHolder.getContext().getAuthentication() returning null

So, I found the actual problem! The issue was that I had marked the whole controller with security="none" in the security-context.xml. So, when it was bounced from the first link to the 2nd, it didn't pass any security context with it!! Sorry for the trouble, guys.


Your localUser is null.So the auth become null.So no authentication object has been added to the security context.

Please have look at the doc

http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/User.html

It is better to have a customUserDetailsService

public class CustomUserDetailsService implements UserDetailsService 

//implement the method which return a UserDetails Object
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException 

then you can use

    UserDetails userDetails= customUserDetailsService.loadUserByUsername("name"); 
Authentication authentication= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()) ; 
SecurityContextHolder.getContext().setAuthentication(authentication);

Additional Answer: If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:

<http>
    //...

    <intercept-url pattern="/your/url/**" access="permitAll"/>

    //...
</http>

Then, you will be able to check the logged-in user if logged-in or get the credentials.