Spring Security get user info in rest service, for authenticated and not authenticated users

permitAll() still requires Authentication object to present in SecurityContext.

For not oauth users this can be achieved with anonymous access enabled:

@Override
public void configure(HttpSecurity http) throws Exception {
   http
//some configuration
     .and()
        .anonymous() //allow anonymous access
     .and()
        .authorizeRequests()
           .antMatchers("/views/**").permitAll()
//other security settings

Anonymous access will add additional filter: AnonymousAuthenticationFilter to the filter chain that populate AnonymousAuthenticationToken as Authentication information in case no Authentication object in SecurityContext