Found the problem. Sorry that is mostly because of my own implementation fault which is not visible in the question itself.
My custom UserDetails
impl is incorrectly having getEnabled()
returning false
. In LdapAuthenticationProvider
, it is working fine as there is no checking on the user status.
However, in PreAuthenticatedAuthenticationProvider
, by default there is a UserDetailsChecker
which checks the status of user, for which getEnabled()
returning false
will cause the user details checker to fail silently, and causing authentication not populated to SecurityContext
(i.e. treating that account as not authenticated)
Although it is mostly my implementation issue, I think still worth leaving here as a reference for difference of LdapAuthenticationProvider
and PreAuthenticatedAuthenticationProvider