I'm trying to implement a login with Spring Security 4.0.1.RELEASE and JSF 2.2, trying to login it always returns as invalid login.
login.xhtml
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
<ui:insert name="title">Login</ui:insert>
</title>
<h:outputScript library="jquery" name="jquery-2.1.3.min.js" />
<h:outputStylesheet library="bootstrap/css" name="bootstrap.min.css" />
<h:outputStylesheet library="bootstrap/css" name="bootstrap-theme.min.css" />
<h:outputScript library="bootstrap/js" name="bootstrap.min.js" />
<link rel="shortcut icon" type="image/x-icon" href="#{request.contextPath}/resources/img/favicon.ico"/>
</h:head>
<h:body>
<br/><br/>
<div class="container">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading" style="background-color: #EEEEEE;">
<h3 class="panel-title">
<strong>Login </strong>
</h3>
</div>
<div class="panel-body">
<form role="form" action="#{request.contextPath}/j_spring_security_check" method="post">
<div class="form-group">
<label for="j_username">Usuário</label>
<input type="text" name="j_username" class="form-control"
id="j_username" placeholder="Digite seu usuário" />
</div>
<div class="form-group">
<label for="j_password">Senha </label> <a
style="padding-right: 3px;" href="#">(esqueci a senha)</a>
<input type="password" name="j_password" class="form-control"
id="j_password" placeholder="Digite sua senha" />
</div>
<div class="form-group">
<button type="submit" class="btn btn-default">Login</button>
</div>
<div class="form-group">
<h:panelGroup rendered="#{!empty param.login_error}">
<span style="color: red">usuário ou senha inválidos</span>
<br />
<br />
</h:panelGroup>
</div>
</form>
</div>
</div>
</div>
</div>
</h:body>
</html>
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http>
<csrf disabled="true" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/restrito/**" access="hasRole('ROLE_USER,ROLE_ADMIN')" />
<intercept-url pattern="/public/**" access="hasRole('ROLE_USER,ROLE_ADMIN')" />
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<form-login login-page="/login.xhtml"
default-target-url="/public/index.xhtml"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login.xhtml?login_error=1" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
<user name="usuario" password="usuario" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<display-name>helloworld</display-name>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.xhtml</welcome-file>
</welcome-file-list>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<context-param>
<param-name>primefaces.skin</param-name>
<param-value>none</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/applicationContext-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
What could be wrong?