I am using a org.springframework.security.ldap.authentication.LdapAuthenticationProvider.LdapAuthenticationProvider(LdapAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator) to validate my clients. When I am calling from SoapUI I can see this pointcut being executed every time execution(Authentication org.springframework.security.authentication.ProviderManager.authenticate(Authentication)) When I call from postman, it only gets executed the first time postman calls.
It appears that somehow my app is caching the client and saying it does not need re-authenticated when I call from postman, but this is not happening when I call from soapui. What is the difference?
I have tried changing all settings I can see in postman and soapui, but I cannot seems to make any difference in the results. Can someone describe, or point me to a resource that describes what is going on?
Seems to be related to cookies... In postman I found a property, disable cookie jar. If that is enabled i get the same performance as soapui and it always validates. I guess now I need to see how cookies work with spring security.