You have protected your application by requiring authentication.
Before you check for authorizations, you must ensure that you have the current user. Getting the current user is also useful for personalizing an application.
IUser user = UMFactory.getAuthenticator().getLoggedInUser(request, response);
SAP Help Portal: http://help.sap.com/javadocs