BadCredentialsException after migrating to Spring Security 3.1

I have recently upgraded to spring-security-xxx-3.1.0 from 3.0.5.
In 3.0.5, i was using filters=none tag in the intercept-url tag for unprotecting urls.
Since it is not availible now in 3.1, i had to modify my security config xml to use security=none and it now looks as below :-

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
	
	<http pattern="/index.action*" security="none"> </http>
	<http pattern="/index.jsp" security="none"> </http>
	<http pattern="/jsp/login.jsp" security="none"> </http>
	<http pattern="/css/*" security="none"> </http>
	<http pattern="/js/*" security="none"> </http>
	<http pattern="/forgotPassword.action*" security="none"> </http>
	<http pattern="/registerUser.action" security="none"> </http>

</beans:beans>

At app startup, the login page shows up. User Enters details. Login is successful. home.action is displayed.
I try browsing in the application, trying any other secured xyz.action. The application logs out automatically, with login page being shown.

The error stack trace i get from Spring is as below :-

[24/03/12 12:52:54] DEBUG Authentication failed: no credentials provided
[24/03/12 12:52:54] DEBUG Authentication failed: no credentials provided
[24/03/12 12:52:54] DEBUG Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.BadCredentialsException: Bad credentials
	at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:58)
	at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:304)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:201)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[24/03/12 12:52:54] DEBUG DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/company/xyz.action]
[24/03/12 12:52:54] DEBUG Calling Authentication entry point.
[24/03/12 12:52:54] DEBUG Redirecting to 'http://localhost:8080/company/jsp/login.jsp'
[24/03/12 12:52:54] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.

Any pointers as to what i am doing wrong. ?
Not much help available on the web for 3.1. I am thinking of going back to 3.0.5.

Regards,
Darshan Shroff
http://in.linkedin.com/in/darshanshroff

Did you find a way to work around this issue?

I see my application is still running on 3.0.5. So i probably gave up after trying for a couple of hours.

From the Spring Security doc

The use of multiple <http> elements is an important feature, allowing the namespace to simultaneously support both stateful and stateless paths within the same application, for example. The previous syntax, using the attribute filters="none" on an intercept-url element is incompatible with this change and is no longer supported in 3.1.

Read the below link for more details:
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic

also a post here on the same:
http://raibledesigns.com/rd/tags/spring

Try adding a * after your patterns

also for the login page you can try adding a intercept URL for it although I don't think you should have to do this.