getPrincipal() method returns anonymous user

Question

I'm trying to get the connected user via spring security method

public static User getConnectedUser() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    User currentUser=auth.getPrincipal();
}

When i invoke this method from a webservice get method using postman it returns anonymousUser even if am logged in. Here is my spring security configuration:

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/app/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/app/passwordHint*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')"/>
    <intercept-url pattern="/app/requestRecoveryToken*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')" />
    <intercept-url pattern="/app/updatePassword*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')" />
    <intercept-url pattern="/app/signup*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_ANONYMOUS')"/>
    <intercept-url pattern="/app/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
    <form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check"/>
    <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    <custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
</http>

Even when i added this line <intercept-url pattern="/*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/> to the above configuration it returns the anonymousUser.

Here is the url i request from postman.

http://localhost:8080/myApp/services/api/seal/

Answer 1

Yor intercept-url are all not match because your path begins with services not with app.

If your context root is myApp, your configuration should be:

<intercept-url pattern="/services/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>