postman - Spring LDAP Basic Auth caching some clients but not others

Question

I am using a org.springframework.security.ldap.authentication.LdapAuthenticationProvider.LdapAuthenticationProvider(LdapAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator) to validate my clients. When I am calling from SoapUI I can see this pointcut being executed every time execution(Authentication org.springframework.security.authentication.ProviderManager.authenticate(Authentication)) When I call from postman, it only gets executed the first time postman calls.

It appears that somehow my app is caching the client and saying it does not need re-authenticated when I call from postman, but this is not happening when I call from soapui. What is the difference?

I have tried changing all settings I can see in postman and soapui, but I cannot seems to make any difference in the results. Can someone describe, or point me to a resource that describes what is going on?

question from:https://stackoverflow.com/questions/65831687/spring-ldap-basic-auth-caching-some-clients-but-not-others

Answer 1

Seems to be related to cookies... In postman I found a property, disable cookie jar. If that is enabled i get the same performance as soapui and it always validates. I guess now I need to see how cookies work with spring security.