From e21f02d7ed73ae9297eeb12273a7cfa6f1cec82a Mon Sep 17 00:00:00 2001
From: dae won <eodnjs01477@gmail.com>
Date: Fri, 31 Jan 2025 22:52:11 +0900
Subject: [PATCH] Include UsernameNotFoundException in BadCredentialsException
 Closes gh-16496

Signed-off-by: dae won <eodnjs01477@gmail.com>
---
 .../dao/AbstractUserDetailsAuthenticationProvider.java       | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
index 5679dbfe499..e3a3f693861 100644
--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -137,8 +137,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 				if (!this.hideUserNotFoundExceptions) {
 					throw ex;
 				}
-				throw new BadCredentialsException(this.messages
-					.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+				String message = this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials",
+						"Bad credentials");
+				throw new BadCredentialsException(message, ex);
 			}
 			Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
 		}