Firefox does not use NTLM authentication by default, whereas Internet Explorer does.
So unless you've deliberately configured your Firefox installation to use NTLM, then Firefox will be using some other type of authentication like Basic or Digest.
Both Basic and Digest use a simple username for authentication, so it make sense that after Firefox sends the username it will then be stored in j_username
(or wherever else Spring Security store it).
In contrast, NTLM uses both a username and an NT domain to authentication. ie instead of "username" it might be "DOMAIN\username". The NTML username is meaningless without a domain, so an NTLM username is not really equivalent to a Basic or Digest username. Maybe that's why Spring Security isn't giving you the username — NTLM doesn't have a simple 'username' like other login methods do.