controller method:
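/**
 * Landing handler for the form-login default target; it tries three ways of
 * finding out who is logged in.
 *
 * <p>Observed by the author at runtime: the injected {@code principal} is
 * {@code null}, the {@code SecurityContextHolder} authentication is {@code null},
 * and only the context stored in the HTTP session yields the login {@code "user"}.
 *
 * <p>NOTE(review): a populated session context next to an empty
 * {@code SecurityContextHolder} suggests this request is not passing through the
 * Spring Security filter chain (for example a filter mapping that does not cover
 * this URL). The web.xml is not shown here, so confirm it there. Reading the
 * session attribute directly is a workaround, not a fix: none of the checks the
 * filter chain would apply have run for this request.
 *
 * @param principal the authenticated caller as resolved by Spring MVC; observed {@code null}
 * @param session   the current HTTP session, from which the stored security context is read
 */
@GetMapping("/postauth")
public void postAuth(Principal principal, HttpSession session) {
    // Observed at runtime: principal == null.

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Observed at runtime: authentication == null.

    // "SPRING_SECURITY_CONTEXT" is the session key Spring Security uses internally to
    // persist the context between requests. The attribute is absent for a session that
    // never authenticated, so it is type-checked instead of cast blindly.
    Object stored = session.getAttribute("SPRING_SECURITY_CONTEXT");
    if (!(stored instanceof SecurityContext)) {
        return; // nothing stored for this session: no user name to extract
    }

    Authentication sessionAuthentication = ((SecurityContext) stored).getAuthentication();
    if (sessionAuthentication == null) {
        return; // context exists but carries no authentication
    }

    // The principal is not always a UserDetails User (an anonymous token carries a
    // plain String, for instance), so the type is verified before the cast.
    Object sessionPrincipal = sessionAuthentication.getPrincipal();
    if (!(sessionPrincipal instanceof org.springframework.security.core.userdetails.User)) {
        return;
    }

    String login =
            ((org.springframework.security.core.userdetails.User) sessionPrincipal).getUsername();
    // Observed at runtime: login == "user".
}
// security.xml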
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration (schema spring-security-4.2.xsd):
  form login with a fixed post-login target, remember-me cookies, a renamed
  anonymous user, and a JDBC-backed user service whose passwords are checked
  with BCrypt.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:security="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">

    <!--
      security="none" gives these paths no security filter chain at all: no
      authentication, no authorization, and no SecurityContext is populated for
      requests that match them. Keep this list as small as possible. Note that
      /postauth is not listed here, so it falls under the secured block below.
    -->
    <http pattern="/resources/**" security="none"/>
    <http pattern="/auth" security="none"/>
    <http pattern="/views/service/**" security="none"/>

    <http auto-config="true" use-expressions="true">
        <!--
          intercept-url rules are evaluated in order and the first match wins.
          NOTE(review): this pattern has no leading slash, so it probably never
          matches a request path; "/favicon.ico" looks like the intent. Confirm.
        -->
        <intercept-url pattern="favicon.ico" access="permitAll" />
        <!--
          Everything else requires the USER role. A remember-me login satisfies
          hasRole as well, so any sensitive operation that should demand a fresh
          login needs a stricter expression of its own.
        -->
        <intercept-url pattern="/**" access="hasRole('USER')"/>
        <!--
          No login-page attribute is set. After a successful login the user is
          always sent to /postauth; failures go to a JSP under /views/service/,
          which is one of the unsecured paths above.
        -->
        <form-login authentication-failure-url="/views/service/error_auth.jsp"
                    default-target-url="/postauth"
                    always-use-default-target="true"/>
        <!--
          token-validity-seconds is 259200, i.e. 3 days.
          The key is part of what protects the remember-me cookie, and here it is
          a short literal stored in the configuration file. Treat it as a secret:
          load it from an externalized property, use a long random value, and
          rotate it if this file has been shared or published.
        -->
        <remember-me key="ffw4334r2" token-validity-seconds="259200"/>
        <!--
          Unauthenticated visitors are represented as user "guest" with the
          authority ROLE_ANONYMOUSLY, which differs from the framework default
          name. NOTE(review): checks written against the default anonymous role
          name would not match this value; confirm nothing depends on it.
        -->
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUSLY"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <!--
              Both queries bind the login through a ? placeholder rather than
              string concatenation.
              The third column of the users query is the constant true, so every
              account is reported as enabled and there is no way to disable one
              from the database.
              Authorities are read from the same users table. Presumably the
              stored value must be ROLE_USER for hasRole('USER') to pass; verify
              against the data.
            -->
            <jdbc-user-service id="userService"
                               data-source-ref="dataSourceMySQL"
                               users-by-username-query="select login, password, true from users where login = ?"
                               authorities-by-username-query="select login, authority from users where login = ?"/>
            <password-encoder ref="passwordEncoder"/>
        </authentication-provider>
    </authentication-manager>

    <!-- BCrypt encoder with no constructor arguments, so the stored passwords are expected to be BCrypt hashes. -->
    <beans:bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" > </beans:bean>
</beans:beans>

Why in the parameter of the controller method the principal is always null and the Authentification obtained above also. It is necessary to pull out the name of an authorized user from the session.