why SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(null, null, null)) allow

Why is authentication allowed in this filter

@RequiredArgsConstructorpublic class JwtTokenFilter extends OncePerRequestFilter {    private final JwtProvider jwtProvider;    private final AccountService accountService;    @Override    protected boolean shouldNotFilter(HttpServletRequest request) {        return request.getServletPath().startsWith("/api/auth")    }    @Override    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {            String accessToken = jwtProvider.parseToken(request);            //Account account = accountService.read(jwtProvider.getAccountId(accessToken));            Authentication authentication = new UsernamePasswordAuthenticationToken(null, null, null);            SecurityContextHolder.getContext().setAuthentication(authentication);            filterChain.doFilter(request, response);    }}

SecurityConfig

@Configuration@RequiredArgsConstructorpublic class SecurityConfig {    private final JwtProvider jwtProvider;    private final AccountService accountService;    @Bean    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {        http.cors(cors -> cors.configurationSource(new CorsConfigurationSource() {                    @Override                    public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {                        CorsConfiguration config = new CorsConfiguration();                        config.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));                        config.setAllowedMethods(Collections.singletonList("*"));                        config.setAllowedHeaders(Collections.singletonList("*"));                        config.setExposedHeaders(Collections.singletonList("*"));                        config.setAllowCredentials(true);                        config.setMaxAge(3600L);                        return config;                    }                }))                .csrf(csrf -> csrf.disable())                .authorizeHttpRequests(request -> request                        .requestMatchers("/api/account/**").authenticated()                        .anyRequest().permitAll())                .addFilterBefore(new JwtTokenFilter(jwtProvider, accountService), UsernamePasswordAuthenticationFilter.class)                .formLogin(withDefaults())                .httpBasic(withDefaults());        return http.build();    }    @Bean    PasswordEncoder passwordEncoder(){        return new BCryptPasswordEncoder();    }}

"api/account"

request-header :Authorization : Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJtaWRhcyIsImFjY291bnRJZCI6MSwiaWF0IjoxNzEwODYwNTQ2LCJleHAiOjE3MTA4NjQxNDZ9.OFzVJKswldMteZ1Eb_7I0-WBFAmSly7GQXPFA0xo860

response : 200

I registered in security context with JWT information.However, I wonder why authentication is allowed even if I enter any information.Are authentication objects registered in the security context unconditionally allowed?I think it is correct for the following filters to deny authentication for incorrect authentication objects.