I'm currently migrating my application to Spring Framework 6, which required updating the javax namespace to jakarta. While most components seem to be working, I’m facing an issue specifically with the authentication configuration and can’t pinpoint the cause.

Details: security.xml configuration:

<security:http authentication-manager-ref="authenticationManager" entry-point-ref="processingFilterEntryPoint" use-expressions="true">
    <security:intercept-url pattern="/msui_login**" access="isAnonymous()" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:custom-filter ref="processingFilter" after="LOGOUT_FILTER" />
    <security:logout success-handler-ref="logoutSuccessHandler" />
    <security:csrf disabled="true" /> 
    <security:headers>
        <security:frame-options policy="SAMEORIGIN" />
    </security:headers>
</security:http>

 <bean id="authenticationManager" class=".springframework.security.authentication.ProviderManager">
        <constructor-arg>
            <list>
                <ref bean="authenticationProvider" />
            </list>
        </constructor-arg>
    </bean>

I've verified that authenticationProvider is returning the correct Authentication object. However, for the pattern /**, when it checks isAuthenticated, control is being redirected to processingFilterEntryPoint instead. This suggests that Spring Security might not be handling the Authentication object as expected. Could there have been any changes in Spring Security 6.x affecting this behavior? Any insights or troubleshooting tips would be greatly appreciated.

Environment:

Spring Framework: 6.1.x
Spring Security: 6.3.x
Tomcat: 10.1.x