If a BadCredentialsException is thrown, the provider manager should break its loop and prevent calling further authentication providers.
Per the javadocs:
BadCredentialsException - Thrown if an authentication request is rejected because the credentials are invalid.
There is no point to call additional providers if the credentials are invalid.
This is somewhat related to