
@HttpAuthenticationMechanism with @ApplicationScoped causes ContextNotActiveException #51783

@nightloewe1

Describe the bug

I was trying to create a custom HttpAuthenticationMechanism and register it using the @HttpAuthenticationMechanism annotation, so that I can control granularly which AuthenticationMechanism is used where. Therefore, I disabled proactive authentication and configured policies to use these AuthenticationMechanisms. The problem here is that a class named StandardSecurityCheckInterceptor then intercepts during the AuthenticationMechanism selection process and causes a ContextNotActiveException.

Expected behavior

The AuthenticationMechanism should be registered under the specified name and called without any exception.

Actual behavior

Using the AuthenticationMechanism should not result in a ContextNotActiveException.

How to Reproduce?

I put the relevant source code in a GitHub gist here:
https://gist.github.com/nightloewe1/8716b62519b71e922a982624f47f3546

Steps to reproduce:

  1. Create a Quarkus project using Quarkus REST and Quarkus Security (might need to add this in the build.gradle.kts)
  2. Add the code from the gist
  3. Run the application and make an HTTP call to it

Output of uname -a or ver

Darwin

Output of java -version

openjdk version "24.0.1" 2025-04-15
OpenJDK Runtime Environment (build 24.0.1+9-30)
OpenJDK 64-Bit Server VM (build 24.0.1+9-30, mixed mode, sharing)

Quarkus version or git rev

3.30.5

Build tool (ie. output of mvnw --version or gradlew --version)

Gradle 9.2.1

Additional information

No response
