My solution is do not query User object from persistence layer instead of retrieve from spring-security directly:

Code:
	@Override
	public User getCurrentAuditor() {
		User auditor;

		Authentication authentication = SecurityContextHolder.getContext()
				.getAuthentication();
		if (authentication != null) {
			Object principal = authentication.getPrincipal();

			if (principal instanceof User) {
				auditor = (User) principal;
			} else {
				auditor = null;
				log.warn("The principal is not a user.");
			}
		} else {
			auditor = null;
		}

		return auditor;
	}