It sounds like the issue may be with how Spring Security is handling the pre-authentication process. You should check if the authentication headers are being passed correctly (especially in the case of a reverse proxy or external auth system). Also, ensure that your Spring Security configuration has the appropriate pre-authenticated entry point and authentication provider set up. If the user roles or permissions are incorrectly configured, that could also cause the rejection. Let me know if you need help with specific configurations!