spring-security-core's default message.properties is missing at least one i18n key (LdapAuthenticationProvider.badCredentials).
I haven't gotten time to look for others, and it would be nice to address other potentials. Unless the bug assignee beats me to it, in the next couple days I can write a quick script that will get all the missing ones. I will then post a patch for the messages that I can do (i.e. if there isn't already a translation I probably cannot submit a fix for that language).
Anyone viewing this bug can easily work around this issue by providing their own message.properties as outlined in the spring security reference .