I'm trying to check the roles for the current user in a controller method, and using the traditional springSecurityService.principal as well as springSecurityService.currentUser both yield null, springSecurityService is not null.
I've verified that the users have logged in, one thing might be that this call is made by the DataTables library in an Ajax call.
Oof, this answer is a little embarrassing. I was adding the datatables code a couple months ago and didn't want to try to troubleshoot issues with authentication until later, so I added the URL for the ajax call to the chainMap with no filters.
Of course I forgot completely about this and was puzzled as to why the currentUser was null. Once I removed the ajax call from the chainMap, it was there.
A gentle reminder that you should comment around configuration that is intended to be temporary, and check back once you are finished implementing a feature that all of your kludges are gone!