You have a controller with one endpoint that doesn't require authentication and everyone can access it. In a method of the controller, someone used the @AuthenticationPrincipal annotation to inject UserDetails.
An unknown user is accessing the endpoint. What will happen if we try to call the getUsername() method of the UserDetails interface?