SecurityContextHolder.getContext().getAuthentication() returning null
So, I found the actual problem! The issue was that I had marked the whole controller with security="none" in the security-context.xml. So, when it was bounced from the first link to the 2nd, it didn't pass any security context with it!! Sorry for the trouble, guys.
Your localUser is null.So the auth become null.So no authentication object has been added to the security context.
Please have look at the doc
http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/User.html
It is better to have a customUserDetailsService
public class CustomUserDetailsService implements UserDetailsService
//implement the method which return a UserDetails Object
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
then you can use
UserDetails userDetails= customUserDetailsService.loadUserByUsername("name");
Authentication authentication= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()) ;
SecurityContextHolder.getContext().setAuthentication(authentication);
Additional Answer: If you want to get logged-in user details for a non-secured url then you can add them to secured urls and assign as "permitAll" like this:
<http>
//...
<intercept-url pattern="/your/url/**" access="permitAll"/>
//...
</http>
Then, you will be able to check the logged-in user if logged-in or get the credentials.