We have recently upgraded a project from Spring Security 3 to Spring Security 5. There is a page which should be accessible without authentication. It works fine on our local server, but when we installed the same application on our client server, the page is only accessible with authentication.
When accessing the said page from our client server, the application redirects back to the login screen. If the user logs in to the system first and then accesses the said page again, the page shows correctly.
The page should be accessible without login. (There is an icon link on the login page to access the said page.)
The Spring-security.xml settings are as below. Note: the said page has the pattern "/system/", which does not match any protected pattern.
<http auto-config="true" use-expressions="true">
    <headers>
        <frame-options policy="SAMEORIGIN" />
    </headers>
    <csrf disabled="true"/>
    <intercept-url pattern="/global/*" access="isAuthenticated()" />
    <intercept-url pattern="/popup/*" access="isAuthenticated()" />
    <intercept-url pattern="/general/*" access="isAuthenticated()" />
    <intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/approver/*" access="hasAnyRole('ROLE_ADMIN','ROLE_APPROVER')" />
    <intercept-url pattern="/document/*" access="hasAnyRole('ROLE_ADMIN','ROLE_APPROVER', 'ROLE_USER')" />
    <intercept-url pattern="/issue/*" access="hasAnyRole('ROLE_ADMIN','ROLE_APPROVER', 'ROLE_USER')" />
    <custom-filter ref="sessionTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
    <form-login login-page="/login.htm"
                username-parameter="j_username"
                password-parameter="j_password"
                default-target-url="/default.htm"
                login-processing-url="/j_spring_security_check"
                authentication-failure-url="/loginfailed.htm" />
    <logout logout-success-url="/logout.htm" logout-url="/j_spring_security_logout" />
</http>
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="ds"
            users-by-username-query="
                select clogin, '{noop}'+cpassword, lstatus
                from vlogin where clogin=?"
            authorities-by-username-query="
                select clogin, crole
                from vlogin where clogin=?"
        />
    </authentication-provider>
</authentication-manager>
We are using Spring Security version 5. This is a new page we created, thus there is no other version to compare the said issue against.
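One way to check which `intercept-url` rule, if any, applies to a given path is to evaluate the patterns in declaration order with Spring's `AntPathMatcher`. This is an added example, not code from the issue or from Spring Security. It assumes the default Ant-style request matcher and spring-core on the classpath; the class name and sample paths are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

public class InterceptUrlCheck {
    // intercept-url rules copied from the configuration above, in declaration order.
    static final Map<String, String> RULES = new LinkedHashMap<>();
    static {
        RULES.put("/global/*", "isAuthenticated()");
        RULES.put("/popup/*", "isAuthenticated()");
        RULES.put("/general/*", "isAuthenticated()");
        RULES.put("/admin/*", "hasRole('ROLE_ADMIN')");
        RULES.put("/approver/*", "hasAnyRole('ROLE_ADMIN','ROLE_APPROVER')");
        RULES.put("/document/*", "hasAnyRole('ROLE_ADMIN','ROLE_APPROVER', 'ROLE_USER')");
        RULES.put("/issue/*", "hasAnyRole('ROLE_ADMIN','ROLE_APPROVER', 'ROLE_USER')");
    }

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /**
     * Returns "pattern -> access" for the first rule matching the path,
     * or null when no rule matches. The path is relative to the context
     * path, without the query string.
     */
    static String firstMatch(String path) {
        for (Map.Entry<String, String> rule : RULES.entrySet()) {
            if (MATCHER.match(rule.getKey(), path)) {
                return rule.getKey() + " -> " + rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample paths; replace with the real page URL.
        String[] paths = {
            "/system/info.htm",        // hypothetical page under /system/
            "/admin/users.htm",        // one segment below /admin/
            "/admin/reports/2020.htm", // two segments below /admin/
            "/login.htm"
        };
        for (String path : paths) {
            String match = firstMatch(path);
            System.out.println(path + " : "
                + (match == null ? "no intercept-url rule matches" : match));
        }
    }
}
```

In Ant-style patterns `*` matches within a single path segment only, so a path such as `/admin/reports/2020.htm` is not covered by `/admin/*`; covering nested paths requires `/admin/**`.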
Comment From: jzheaux
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.