Geoserver ships with a good list of helpful Demo requests -- however, the authenticated requests fail if you do not add the relevant URL path to a Filter Chain which includes a "form" authentication filter.
If you run any Demo request involving authentication without the relevant Filter Chain modification you will see the following message:
HTTP response: 401 No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
The same response is seen when running the request with curl, e.g.:
curl -u admin:geoserver "http://localhost:8080/geoserver/wfs?request=GetFeature&version=1.1.0&typeName=topp:states&outputFormat=GML2&FEATUREID=states.3"
You can resolve this issue by adding the relevant URL path suffix (e.g., /wcs* or /wfs*) to the "web" Filter Chain, which includes the "form" Authentication Filter.
Access this dialog in the Web Administration interface under Security > Authentication > Filter Chains > web.
I've commented on the bug in the Geoserver project JIRA -- to resolve this bug this issue should be either noted or the underlying xml's changed -- otherwise the Demos fail.