I setup my Spring Security application according to the reference document and after hours of troubleshooting I continue to get a null @AuthenticationPrincipal passed into my controller.

The authentication mechanism is working fine against the users in my database but still a null @AuthenticationPrincipal. I consulted several internet posts including this, and this but still I am getting null.

I am using Spring-Boot 1.2.2 and Spring Security 3.2.6.

Relevant POM:




public class AuditWebApplication {
  // code


public class SecurityConfiguration WebSecurityConfigurerAdapter {

    private UserDetailsService userDetailsService;

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    protected void configure(HttpSecurity http) throws Exception {
            .antMatchers("/index.html", "/views/**", // public side.
                        "/images/**", "/scripts/**", "/styles/**", "/vendor/**", "/")
            .addFilterAfter(csrfHeaderFilter(), SessionManagementFilter.class);


public class UserServiceBean implements UserService {
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    // Custom domain User object, not spring security
    User user = userRepository.findByusername(username);
    if(user == null) {
      throw new UsernameNotFoundException("Unable to load user by username = '" + username + "'");
    List<UserRole> userRoles = userRoleRepository.findAllByUserId(user.getId());
    return new UserRepositoryUserDetails(user);

  // User here refers to my application's domain User object, not Spring Security
  private final static class UserRepositoryUserDetails extends User implements UserDetails {

    public UserRepositoryUserDetails(User user) {

    public Collection<? extends GrantedAuthority> getAuthorities() {
      List<String> authoritiesList = new ArrayList<String>();
      List<UserRole> userRoles = getUserRoles();
      userRoles.forEach((ur) -> {
        if(ur.isActive()) {

      String authoritiesString = StringUtils.join(authoritiesList, ',');
      return AuthorityUtils.commaSeparatedStringToAuthorityList(authoritiesString);

    public String getUsername() {
      return getLdapUID();

    public boolean isAccountNonExpired() {
      return true;

    public boolean isAccountNonLocked() {
      return true;

    public boolean isCredentialsNonExpired() {
      return true;

    public boolean isEnabled() {
      return isActive() ;

    public String getPassword() {
        // fake for now
      return "password";



public interface UserService extends UserDetailsService {
  // signatures


import org.springframework.security.web.bind.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.User;

@RequestMapping(value="/products", method=RequestMethod.GET)
public ResponseEntity<Map<String,Object>> products(@AuthenticationPrincipal User user){
  // user is null

Relevant Maven Dependency Tree:

[INFO] ------------------------------------------------------------------------
[INFO] Building Web Project 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] --- maven-dependency-plugin:2.9:tree (default-cli) @ web-build ---
[WARNING] Using Maven 2 dependency tree to get verbose output, which may be inconsistent with actual Maven 3 resolution
[INFO] com.company:web-build:jar:0.0.1-SNAPSHOT
[INFO] +- com.company:common-build:jar:0.0.1-SNAPSHOT:compile
[INFO] |  +- (org.springframework.boot:spring-boot-starter-aop:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  \- (org.springframework.boot:spring-boot-starter-security:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] +- com.company:data-build:jar:0.0.1-SNAPSHOT:compile
[INFO] |  +- (com.company:common-build:jar:0.0.1-SNAPSHOT:compile - omitted for duplicate)
[INFO] |  +- (org.springframework.boot:spring-boot-starter-security:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- (org.springframework.boot:spring-boot-starter-jdbc:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- (org.springframework.boot:spring-boot-starter-aop:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.4.5:compile
[INFO] |  +- (org.apache.commons:commons-lang3:jar:3.3.2:compile - omitted for duplicate)
[INFO] |  \- org.springframework.boot:spring-boot-starter-jetty:jar:1.2.2.RELEASE:compile
[INFO] |     +- org.eclipse.jetty:jetty-jsp:jar:9.2.9.v20150224:compile
[INFO] |     |  +- org.eclipse.jetty.toolchain:jetty-schemas:jar:3.1.M0:compile
[INFO] |     |  +- javax.servlet:javax.servlet-api:jar:3.1.0:compile
[INFO] |     |  +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.1:compile
[INFO] |     |  +- org.glassfish.web:javax.servlet.jsp:jar:2.3.2:compile
[INFO] |     |  |  +- (org.glassfish:javax.el:jar:3.0.0:compile - omitted for duplicate)
[INFO] |     |  |  \- (javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.1:compile - omitted for duplicate)
[INFO] |     |  +- org.eclipse.jetty.orbit:javax.servlet.jsp.jstl:jar:1.2.0.v201105211821:compile
[INFO] |     |  +- org.glassfish.web:javax.servlet.jsp.jstl:jar:1.2.2:compile
[INFO] |     |  +- org.glassfish:javax.el:jar:3.0.0:compile
[INFO] |     |  \- org.eclipse.jetty.orbit:org.eclipse.jdt.core:jar:3.8.2.v20130121:compile
[INFO] |     +- org.eclipse.jetty:jetty-webapp:jar:9.2.9.v20150224:compile
[INFO] |     |  +- org.eclipse.jetty:jetty-xml:jar:9.2.9.v20150224:compile
[INFO] |     |  |  \- org.eclipse.jetty:jetty-util:jar:9.2.9.v20150224:compile
[INFO] |     |  \- org.eclipse.jetty:jetty-servlet:jar:9.2.9.v20150224:compile
[INFO] |     |     \- org.eclipse.jetty:jetty-security:jar:9.2.9.v20150224:compile
[INFO] |     |        \- org.eclipse.jetty:jetty-server:jar:9.2.9.v20150224:compile
[INFO] |     |           +- (javax.servlet:javax.servlet-api:jar:3.1.0:compile - omitted for duplicate)
[INFO] |     |           +- (org.eclipse.jetty:jetty-http:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |           \- (org.eclipse.jetty:jetty-io:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     +- org.eclipse.jetty.websocket:websocket-server:jar:9.2.9.v20150224:compile
[INFO] |     |  +- org.eclipse.jetty.websocket:websocket-common:jar:9.2.9.v20150224:compile
[INFO] |     |  |  +- org.eclipse.jetty.websocket:websocket-api:jar:9.2.9.v20150224:compile
[INFO] |     |  |  +- (org.eclipse.jetty:jetty-util:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  |  \- org.eclipse.jetty:jetty-io:jar:9.2.9.v20150224:compile
[INFO] |     |  |     \- (org.eclipse.jetty:jetty-util:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  +- org.eclipse.jetty.websocket:websocket-client:jar:9.2.9.v20150224:compile
[INFO] |     |  |  +- (org.eclipse.jetty:jetty-util:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  |  +- (org.eclipse.jetty:jetty-io:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  |  \- (org.eclipse.jetty.websocket:websocket-common:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  +- org.eclipse.jetty.websocket:websocket-servlet:jar:9.2.9.v20150224:compile
[INFO] |     |  |  +- (org.eclipse.jetty.websocket:websocket-api:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  |  \- (javax.servlet:javax.servlet-api:jar:3.1.0:compile - omitted for duplicate)
[INFO] |     |  +- (org.eclipse.jetty:jetty-servlet:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     |  \- org.eclipse.jetty:jetty-http:jar:9.2.9.v20150224:compile
[INFO] |     |     \- (org.eclipse.jetty:jetty-util:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |     \- org.eclipse.jetty.websocket:javax-websocket-server-impl:jar:9.2.9.v20150224:compile
[INFO] |        +- org.eclipse.jetty:jetty-annotations:jar:9.2.9.v20150224:compile
[INFO] |        |  +- org.eclipse.jetty:jetty-plus:jar:9.2.9.v20150224:compile
[INFO] |        |  |  +- (org.eclipse.jetty:jetty-webapp:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |        |  |  \- org.eclipse.jetty:jetty-jndi:jar:9.2.9.v20150224:compile
[INFO] |        |  |     \- (org.eclipse.jetty:jetty-util:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |        |  +- (org.eclipse.jetty:jetty-webapp:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |        |  +- javax.annotation:javax.annotation-api:jar:1.2:compile
[INFO] |        |  +- org.ow2.asm:asm:jar:5.0.1:compile
[INFO] |        |  \- org.ow2.asm:asm-commons:jar:5.0.1:compile
[INFO] |        |     \- org.ow2.asm:asm-tree:jar:5.0.1:compile
[INFO] |        |        \- (org.ow2.asm:asm:jar:5.0.1:compile - omitted for duplicate)
[INFO] |        +- org.eclipse.jetty.websocket:javax-websocket-client-impl:jar:9.2.9.v20150224:compile
[INFO] |        |  +- (org.eclipse.jetty.websocket:websocket-client:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |        |  \- (javax.websocket:javax.websocket-api:jar:1.0:compile - omitted for duplicate)
[INFO] |        +- (org.eclipse.jetty.websocket:websocket-server:jar:9.2.9.v20150224:compile - omitted for duplicate)
[INFO] |        \- javax.websocket:javax.websocket-api:jar:1.0:compile
[INFO] +- org.springframework.boot:spring-boot-starter-security:jar:1.2.2.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:1.2.2.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:1.2.2.RELEASE:compile
[INFO] |  |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  |  \- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- org.springframework.boot:spring-boot-autoconfigure:jar:1.2.2.RELEASE:compile
[INFO] |  |  |  +- (org.springframework.boot:spring-boot:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  |  |  \- org.yaml:snakeyaml:jar:1.14:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:1.2.2.RELEASE:compile
[INFO] |  |  |  +- org.slf4j:jcl-over-slf4j:jar:1.7.10:compile
[INFO] |  |  |  |  \- org.slf4j:slf4j-api:jar:1.7.10:compile (version managed from 1.7.6)
[INFO] |  |  |  +- org.slf4j:jul-to-slf4j:jar:1.7.10:compile
[INFO] |  |  |  |  \- (org.slf4j:slf4j-api:jar:1.7.10:compile - version managed from 1.7.6; omitted for duplicate)
[INFO] |  |  |  +- org.slf4j:log4j-over-slf4j:jar:1.7.10:compile
[INFO] |  |  |  |  \- (org.slf4j:slf4j-api:jar:1.7.10:compile - version managed from 1.7.6; omitted for duplicate)
[INFO] |  |  |  \- ch.qos.logback:logback-classic:jar:1.1.2:compile
[INFO] |  |  |     +- ch.qos.logback:logback-core:jar:1.1.2:compile
[INFO] |  |  |     \- (org.slf4j:slf4j-api:jar:1.7.10:compile - version managed from 1.7.6; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.yaml:snakeyaml:jar:1.14:compile - scope updated from runtime; omitted for duplicate)
[INFO] |  +- org.springframework:spring-beans:jar:4.1.5.RELEASE:compile
[INFO] |  |  \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.springframework:spring-context:jar:4.1.5.RELEASE:compile
[INFO] |  |  +- (org.springframework:spring-aop:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.springframework:spring-expression:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.springframework:spring-core:jar:4.1.5.RELEASE:compile
[INFO] |  +- org.springframework:spring-expression:jar:4.1.5.RELEASE:compile
[INFO] |  |  \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.springframework:spring-web:jar:4.1.5.RELEASE:compile (version managed from 3.2.8.RELEASE)
[INFO] |  |  +- (org.springframework:spring-aop:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.springframework.security:spring-security-config:jar:3.2.6.RELEASE:compile
[INFO] |  |  +- aopalliance:aopalliance:jar:1.0:compile
[INFO] |  |  +- org.springframework.security:spring-security-core:jar:3.2.6.RELEASE:compile
[INFO] |  |  |  +- (aopalliance:aopalliance:jar:1.0:compile - omitted for duplicate)
[INFO] |  |  |  +- (org.springframework:spring-aop:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  |  +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  |  +- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  |  \- (org.springframework:spring-expression:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-aop:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.springframework.security:spring-security-web:jar:3.2.6.RELEASE:compile
[INFO] |  |  +- (aopalliance:aopalliance:jar:1.0:compile - omitted for duplicate)
[INFO] |  |  +- (org.springframework.security:spring-security-core:jar:3.2.6.RELEASE:compile - omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-expression:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.springframework:spring-web:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  \- org.springframework:spring-aop:jar:4.1.5.RELEASE:compile
[INFO] |     +- (aopalliance:aopalliance:jar:1.0:compile - omitted for duplicate)
[INFO] |     +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |     \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:1.2.2.RELEASE:compile
[INFO] |  +- (org.springframework.boot:spring-boot-starter:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:1.2.2.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.20:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.0.20:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-logging-juli:jar:8.0.20:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.0.20:compile
[INFO] |  |     \- (org.apache.tomcat.embed:tomcat-embed-core:jar:8.0.20:compile - omitted for duplicate)
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.4.5:compile
[INFO] |  |  +- (com.fasterxml.jackson.core:jackson-annotations:jar:2.4.5:compile - version managed from 2.4.0; omitted for duplicate)
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.4.5:compile
[INFO] |  +- org.hibernate:hibernate-validator:jar:5.1.3.Final:compile
[INFO] |  |  +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.1.3.GA:compile
[INFO] |  |  \- com.fasterxml:classmate:jar:1.0.0:compile
[INFO] |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- (org.springframework:spring-web:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  \- org.springframework:spring-webmvc:jar:4.1.5.RELEASE:compile
[INFO] |     +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |     +- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |     +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |     +- (org.springframework:spring-expression:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |     \- (org.springframework:spring-web:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] +- org.springframework.boot:spring-boot-starter-jdbc:jar:1.2.2.RELEASE:compile
[INFO] |  +- (org.springframework.boot:spring-boot-starter:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.springframework:spring-jdbc:jar:4.1.5.RELEASE:compile
[INFO] |  |  +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.springframework:spring-tx:jar:4.1.5.RELEASE:compile - omitted for duplicate)
[INFO] |  +- org.apache.tomcat:tomcat-jdbc:jar:8.0.20:compile
[INFO] |  |  \- org.apache.tomcat:tomcat-juli:jar:8.0.20:compile
[INFO] |  \- org.springframework:spring-tx:jar:4.1.5.RELEASE:compile
[INFO] |     +- (org.springframework:spring-beans:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |     \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] +- org.springframework.boot:spring-boot-starter-aop:jar:1.2.2.RELEASE:compile
[INFO] |  +- (org.springframework.boot:spring-boot-starter:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- (org.springframework:spring-aop:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  +- org.aspectj:aspectjrt:jar:1.8.5:compile
[INFO] |  \- org.aspectj:aspectjweaver:jar:1.8.5:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.3.2:compile
[INFO] +- commons-beanutils:commons-beanutils:jar:1.9.2:compile
[INFO] |  \- commons-collections:commons-collections:jar:3.2.1:compile
[INFO] +- org.springframework.boot:spring-boot-starter-test:jar:1.2.2.RELEASE:test
[INFO] |  +- junit:junit:jar:4.12:test
[INFO] |  |  \- (org.hamcrest:hamcrest-core:jar:1.3:test - version managed from 1.1; omitted for duplicate)
[INFO] |  +- org.mockito:mockito-core:jar:1.10.19:test
[INFO] |  |  +- (org.hamcrest:hamcrest-core:jar:1.3:test - version managed from 1.1; omitted for duplicate)
[INFO] |  |  \- org.objenesis:objenesis:jar:2.1:test
[INFO] |  +- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] |  +- org.hamcrest:hamcrest-library:jar:1.3:test
[INFO] |  |  \- (org.hamcrest:hamcrest-core:jar:1.3:test - version managed from 1.1; omitted for duplicate)
[INFO] |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:test - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  \- org.springframework:spring-test:jar:4.1.5.RELEASE:test
[INFO] |     \- (org.springframework:spring-core:jar:4.1.5.RELEASE:test - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:1.2.2.RELEASE:compile
[INFO] |  +- (org.springframework.boot:spring-boot-starter:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  +- org.springframework.boot:spring-boot-actuator:jar:1.2.2.RELEASE:compile
[INFO] |  |  +- (org.springframework.boot:spring-boot:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  |  +- (org.springframework.boot:spring-boot-autoconfigure:jar:1.2.2.RELEASE:compile - omitted for duplicate)
[INFO] |  |  +- (com.fasterxml.jackson.core:jackson-databind:jar:2.4.5:compile - omitted for duplicate)
[INFO] |  |  +- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  |  \- (org.springframework:spring-context:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] |  \- (org.springframework:spring-core:jar:4.1.5.RELEASE:compile - version managed from 3.2.8.RELEASE; omitted for duplicate)
[INFO] +- org.flywaydb:flyway-core:jar:3.1:compile
[INFO] +- org.mockito:mockito-all:jar:1.10.19:compile
[INFO] +- com.h2database:h2:jar:1.4.185:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.34:compile
[INFO] +- org.codehaus.janino:janino:jar:2.6.1:compile
[INFO] |  \- org.codehaus.janino:commons-compiler:jar:2.6.1:compile
[INFO] +- org.apache.poi:poi:jar:3.10-FINAL:compile
[INFO] |  \- commons-codec:commons-codec:jar:1.5:compile
[INFO] +- org.apache.poi:poi-ooxml:jar:3.10-FINAL:compile
[INFO] |  +- (org.apache.poi:poi:jar:3.10-FINAL:compile - omitted for duplicate)
[INFO] |  +- org.apache.poi:poi-ooxml-schemas:jar:3.10-FINAL:compile
[INFO] |  |  \- org.apache.xmlbeans:xmlbeans:jar:2.3.0:compile
[INFO] |  |     \- stax:stax-api:jar:1.0.1:compile
[INFO] |  \- dom4j:dom4j:jar:1.6.1:compile
[INFO] |     \- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO] \- org.scala-lang:scala-library:jar:2.10.4:compile
  • 1
  • 1
  • 2,235
  • 5
  • 30
  • 44

2 Answers2


Pls try this :-

a) Change

    private UserDetailsService userDetailsService;


    private UserServiceBean userDetailsService;

b) Use @Service here

public class UserServiceBean implements UserService {

c) Change @AuthenticationPrincipal User user to @AuthenticationPrincipal UserDetails userDetails

  • 2,077
  • 14
  • 22
  • UserServiceBean is already a Service and if I attempt to Autowire UserServiceBean instead of UserDetailsService I get NoSuchBeanDefinitionException. – szxnyc Sep 22 '15 at 12:54
  • Can you try point (c) above as well. Its just some wiring/bean issue thats resulting in NULL. – Avis Sep 22 '15 at 14:13
  • 1
    point (C) worked! Do you have any idea why I need to inject UserDetails instead of User? This is different from what the documentation states and what has worked for other users. – szxnyc Sep 22 '15 at 15:57
  • Bcoz you returning it => public UserDetails loadUserByUsername(String username), and as User is resolving to NULL so i felt User object is not of spring security so we left with UserDetails interface only which is of spring security. – Avis Sep 22 '15 at 16:41
  • 1
    To add this answer: The [Javadoc](http://docs.spring.io/autorepo/docs/spring-security/4.0.3.RELEASE/apidocs/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.html) (which I read _after_ this answer :) ) explicitly states: "If the types do not match, null will be returned unless AuthenticationPrincipal.errorOnInvalidType() is true in which case a ClassCastException will be thrown." Pretty strange that the error is not the default. – Wim Deblauwe Feb 02 '16 at 09:54
  • @WimDeblauwe If you turn this comment into an answer, I'll vote up – lilalinux May 31 '18 at 11:03
  • @lilalinux answer added. – Wim Deblauwe May 31 '18 at 11:06

The type in the controller needs to match with the type that you return from the UserDetailsService.

The Javadoc explicitly states:

If the types do not match, null will be returned unless AuthenticationPrincipal.errorOnInvalidType() is true in which case a ClassCastException will be thrown.

Pretty strange that the error is not the default.

Wim Deblauwe
  • 19,439
  • 13
  • 111
  • 173
  • There's also a bug in Spring Boot DevTools which triggers this: https://stackoverflow.com/questions/35156390/authenticationprincipal-with-spring-boot-not-working https://github.com/spring-projects/spring-boot/issues/5071 – lilalinux May 31 '18 at 11:08
  • 1
    Thanks! If anyone is having the same problem, a simple breakpoint the method below will help: org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver.resolveArgument – Thiago Jul 12 '19 at 19:53
  • @Thiago That helped me solve it thank you! I'd changed to use JWT authentication so a `UsernamePasswordAuthenticationToken` was being passed through instead of a `UserDetails` object. – Michael Dec 12 '20 at 09:55