It seems the custom authentication provider was not triggered because of missing authentication filter chain beans. With these beans added, the authentication provider we create for development is triggered and pre-defined pre-authentication tokens are passed along in the security chain nicely.
Closes #125 (closed)