If Spring Security's authentication fails, userDetails will not be injected, and Spring Security will redirect to the failure URL (/login?error). Perhaps your test setup does not authenticate correctly? Try adding a log statement in your controller to see whether you even reach it (if you do, auth works). Then check/debug what your authService (authService.auth(userDetails.getId())) does.