I had an issue where basic authentication executed by apache would pass along user account to tomcat (with mod_jk) and would try to login user that was authenticated with basic authentication.
I had to do 2 things.
so the final security.spring.xml would look like:
<http>
<!-- whatever else you have -->
<anonymous />
</http>