'Trigger Builds Remotely' with ?token not working when Matrix Authorization Strategy is used


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Major
    • Component/s: matrix-auth-plugin
    • Environment:
      Jenkins 1.512, RedHat Linux. Also seeing this on 1.480.3 (current LTS release)

      I have Global Security configured to use LDAP with "Project-based Matrix Authorization Strategy" enabled. Anonymous user has the "Job > Build" privilege, and no other privileges (in particular, the "anonymous" user does NOT have "Overall > Read" privilege, since I don't want everyone to be able to view the list of jobs and other general information).

      I want an automated script to be able to trigger a build using the "Trigger Builds Remotely" feature, where I specify a "?token=[token]" value and the standard authentication should be bypassed, as long as the [token] value matches the one I set in the job's Configure page.

      The documentation seems to indicate this should work:
      https://wiki.jenkins-ci.org/display/JENKINS/Quick+and+Simple+Security

      So specifically, I am expecting this HTTP request to work:

      curl -i https://jenkinsHost/job/ProjectName/build?token=test
      

      But I get

      [~]$ curl -i https://jenkinsHost/job/ProjectName/build?token=test
      HTTP/1.1 403 Forbidden
      Date: Sat, 27 Apr 2013 23:17:03 GMT
      Server: Winstone Servlet Engine v0.9.10
      Content-Type: text/html;charset=UTF-8
      Content-Length: 629
      X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
      Set-Cookie: JSESSIONID.e9bc4765=e1f0a30b9f04b3740bae527a7822b2d5; Path=/; HttpOnly
      Connection: close
      
      <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest'/>
      <script>
      window.location.replace('/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest');</script>
      </head>
      <body style='background-color:white; color:white;'>
      Authentication required
      </body></html>
      

      When I DO use API authentication, the request works:

      curl -i --user "test_user:API_KEY" https://hostname/job/ProjectName/build?token=test
      

      But again, according to the documentation I think it is supposed to bypass the global authentication if ?token is present and matches the project token I configure. Why is this not working? What other information/logs can I provide?

            Assignee:
            Unassigned
            Reporter:
            Stuart Montgomery
            Votes:
            6
            Watchers:
            9
