Javadoc
If you set this property, the Authentication object, which is created after the
successful digest authentication will be marked as authenticated and filled
with the authorities loaded by the UserDetailsService. It therefore will not be
re-authenticated by your AuthenticationProvider. This means, that only the password
of the user is checked, but not the flags like isEnabled() or
isAccountNonExpired(). You will save some time by enabling this flag, as otherwise
your UserDetailsService will be called twice. A more secure option would be to
introduce a cache around your UserDetailsService, but if you don't use these flags,
you can also safely enable this option.