Problema com login/logout em Spring Security + Primefaces

Pessoal,

Estou com um problema estranho, tenho uma aplicação que configurei o Spring Security (assim como em outras que já tenho) para fazer o login, porém a aplicação é JSF + Primefaces + CDI + Hibernate + EJB

O problema:
[color=red]- O login funciona N vezes e depois não loga mais.
[/color]
Já mudei o número de sessões, já fiz de tudo, e o estranho é que “aparentemente” está igual já tenho em outras aplicações, não consigo descobrir o que está errado.

Meu ApplicationContext.xml:

[code]<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec=“http://www.springframework.org/schema/security
xmlns:beans=“http://www.springframework.org/schema/beans” xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance
xmlns:task=“http://www.springframework.org/schema/task” xmlns:util=“http://www.springframework.org/schema/util
xmlns:context=“http://www.springframework.org/schema/context
xsi:schemaLocation=“http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd”>

<sec:http pattern="/javax.faces.resource/**" security="none" />
<sec:http pattern="/resources/**" security="none" />

<sec:http auto-config="true" use-expressions="true">
	<sec:intercept-url pattern="/login.jsf" access="isAnonymous()" />

	<sec:intercept-url pattern="/private/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER', 'ROLE_JOB')" />

	<sec:form-login login-page="/login.jsf"
		authentication-failure-url="/login.jsf?erro=true"
		authentication-success-handler-ref="successHandler"
		always-use-default-target="true" />

	<sec:access-denied-handler error-page="/public/AcessoNegado.xhtml" />

	<sec:logout invalidate-session="true"
		delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"
		logout-success-url="/login.jsf" logout-url="/security_logout"  />

	<sec:session-management invalid-session-url="/login.jsf?session=1">
		<sec:concurrency-control max-sessions="5"
			error-if-maximum-exceeded="true" />
	</sec:session-management>

</sec:http>

<sec:authentication-manager>
	<sec:authentication-provider>
		<sec:password-encoder hash="md5" />
		<sec:jdbc-user-service data-source-ref="dataSource"
			users-by-username-query="SELECT username, password, enable FROM usuario WHERE username=?"
			authorities-by-username-query="SELECT usuario_username as username, autorizacoes_nome as authority FROM usuario_aut_rel WHERE usuario_username=?" />
	</sec:authentication-provider>
</sec:authentication-manager>

<beans:bean id="successHandler"
	class="com.horizonte.fiscal.security.AcessoAutorizadoListener" />

<task:annotation-driven />

<beans:bean id="jobFirstDeploy" class="com.horizonte.fiscal.jobs.JobFirstDeploy" />

<!-- auto-explicativo -->
<beans:bean id="dataSource"
	class="org.springframework.jdbc.datasource.DriverManagerDataSource">
	<beans:property name="url"
		value="jdbc:mysql://127.0.0.1:3306/BANCO_DADOS" />
	<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
	<beans:property name="username" value="root" />
	<beans:property name="password" value="*****" />
</beans:bean>

</beans:beans>[/code]

Meu web.xml (trecho referente ao Spring):

[code]…

<!-- Para ouvir o criar/encerrar sessao -->
<listener>
	<listener-class>com.horizonte.fiscal.security.SessionListener</listener-class>
</listener>

<!-- Para ouvir a sessao no Spring Security -->
<listener>
	<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

<!-- Filtros do Spring Security 3 -->
<listener>
	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

…[/code]

Trecho que faz o login:

[code]
<p:panelGrid styleClass=“grid-ui-cadastro rounded-box”
style=“width:100%; margin-bottom:10px;” >
<p:row>
<p:column>
<h:outputLabel for=“j_username”
value="#{msg[‘label.login.username’]}:" />
<h:outputLabel style=“color:red;” value=" *" />
</p:column>
<p:column>
<h:inputText id=“j_username” required=“true” maxlength=“20”
styleClass=“form-control” />
</p:column>
</p:row>
<p:row>
<p:column>
<h:outputLabel for=“j_password”
value="#{msg[‘label.login.password’]}:" />
<h:outputLabel style=“color:red;” value=" *" />
</p:column>
<p:column>
<h:inputSecret id=“j_password” required=“true” maxlength=“20”
styleClass=“form-control” />
</p:column>
</p:row>
<p:row>
<p:column>
</p:column>
<p:column style=“text-align:right;”>

			<p:commandButton id="btnLogarUsuario" value="Login" onclick="$('#formLogin').submit()"
				immediate="true" styleClass="btn" type="submit"  />

		</p:column>
	</p:row>
</p:panelGrid>
[/code]

Trecho que faz o logout:

<h:outputLink class="button-link btn-logout" value="#{request.contextPath}/security_logout" id="botaoLogout" title="logout"> <h:outputText value="Sair do Sistema Aqui" /> </h:outputLink>

Ele varia, as vezes loga 3 vezes, as vezes loga 4 vezes.

Alguém teria alguma ideia do que pode estar acontecendo?