Problema com spring security 5

Boa tarde pessoal.
Já estou a uns dois dias tentando configurar o spring security 5 na minha aplicação java-based.
Eu não tenho nada de spring na minha aplicação e estou usando CDI e JPA 2 de framework.

O problema é que a autenticação funciona usando o form padrão do spring security, só que no meu fomulário custom aparentemente a autenticação não acontece, sei que o post é feito porque no navegador mostra o request. pelo oque eu entendi o /login POST é gerenciado pelo spring onde ele libera um provider para autenticar.

o meu pox.ml está assim e uso a versão 5.0.7

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>br.com.allsolutions.pulse</groupId>
  <artifactId>pulse</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  
  <properties>
	<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>		
	<spring-security.version>5.0.7.RELEASE</spring-security.version>    
  </properties>
  
  <dependencies>
  	<!-- Servlet API -->
		<dependency>
		    <groupId>javax.servlet</groupId>
		    <artifactId>javax.servlet-api</artifactId>
		    <version>4.0.0</version>
		    <scope>provided</scope>
		</dependency>	
		
		<!-- https://mvnrepository.com/artifact/jstl/jstl -->
		<dependency>
		    <groupId>jstl</groupId>
		    <artifactId>jstl</artifactId>
		    <version>1.2</version>		    
		</dependency>
		
		<!-- JSP API -->
		<dependency>
        	<groupId>javax.servlet.jsp</groupId>
        	<artifactId>jsp-api</artifactId>
        	<version>2.2</version>
        	<scope>provided</scope>
    	</dependency> 
    	
    	<!-- Driver JDBC do MySQL -->
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<version>5.1.44</version>
			<scope>compile</scope>
		</dependency>
		
		<!-- CDI -->
		<dependency>
		    <groupId>javax.enterprise</groupId>
		    <artifactId>cdi-api</artifactId>
		    <version>2.0</version>
		    <scope>provided</scope>
		</dependency>
		
		<!-- WELD implementação do CDI -->
		<dependency>
		    <groupId>org.jboss.weld.servlet</groupId>
		    <artifactId>weld-servlet</artifactId>
		    <version>2.4.4.Final</version>
		</dependency>
		
		<!-- Spring security -->
		<dependency>
			<groupId>org.springframework.security</groupId>
		    	<artifactId>spring-security-web</artifactId>
		    	<version>${spring-security.version}</version>
		  	</dependency>
		  <dependency>
		    	<groupId>org.springframework.security</groupId>
		    	<artifactId>spring-security-config</artifactId>
		    	<version>${spring-security.version}</version>
		  </dependency>
		
		<!-- Núcleo do Hibernate -->
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-core</artifactId>
			<version>5.3.4.Final</version>
			<scope>compile</scope>
		</dependency>

		<!-- Implementação de EntityManager da JPA -->
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-entitymanager</artifactId>
			<version>5.3.4.Final</version>
			<scope>compile</scope>
		</dependency>
    	 
  </dependencies>
  
  <repositories>
  <!-- ... possibly other repository elements ... -->
  <repository>
    <id>spring-milestone</id>
    <name>Spring Milestone Repository</name>
    <url>https://repo.spring.io/milestone</url>
  </repository>
</repositories>
  
   <build>
		<finalName>pulse</finalName>
		<plugins>
			<plugin>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>3.1</version>
				<configuration>
					<source>1.8</source>
					<target>1.8</target>
				</configuration>
			</plugin>
		</plugins>
	</build>	
   <packaging>war</packaging>
</project>

minhas classes do spring está assim
Registrando o spring na aplicação

package br.com.projeto.web;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

public SecurityWebApplicationInitializer() {
	super(WebSecurityConfig.class);
}

}

Classe de configuração onde aponto o formulario customizado e também o método de autenticação em memoria

package br.com.projeto.web;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


@EnableWebSecurity
public class  WebSecurityConfig extends WebSecurityConfigurerAdapter {  
	
		 	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		
		auth
        .inMemoryAuthentication()
            .withUser("fabio").password(new BCryptPasswordEncoder().encode("1234")).roles("USER");	
			
	} 	
     
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    	http   		
    		.authorizeRequests()       		
    			.anyRequest()    			
    			.authenticated()
    		.and()
    		.formLogin()
    			.loginPage("/entrar.jsp")    			
    				.permitAll()    			
    			.defaultSuccessUrl("/home.jsp")
    				.permitAll()
    			.failureUrl("/entrar.jsp?error=true")
    				.permitAll()                
                .and()
                	.logout()
                		.logoutSuccessUrl("/entrar.jsp?logout=saiu")
                		.deleteCookies("JSESSIONID")
                		.permitAll();   	
    			
    		
    }
    
   
    
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/css/**","/js/**","/img/**","/fonts/**");
    }
    
}

e finalmente minha jsp, está assim(entrar.jsp)

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<c:url value="/login" var="loginUrl"/>
<!DOCTYPE html>
<html lang="pt-br">
<head>
<meta charset="UTF-8">
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<title>Pulse - Login</title>
<link rel="stylesheet" href="css/bootstrap/bootstrap.min.css"/>
<link rel="stylesheet" href="css/bootstrap/font-awesome.min.css">
<link rel="stylesheet" href="css/adminLTE/AdminLTE.min.css">
<link rel="stylesheet" href="css/login.css">

</head>
<body class="hold-transition login-page">

	<div class="login-box">	
	  <div class="login-logo">
	    <a href="../../index2.html"><b>Projeto</a>
	  </div>
	  
	  <!-- /.login-logo -->
	  <div class="login-box-body">
	    <p class="login-box-msg">Vamos começar ?</p>
	    
	    <form name="f" action="${loginUrl}" method="POST">
		    <c:if test="${param.error != null}">
		    	<p>ERRO NA PÀGINA>>>>>>>>>>>>>>>>>>>>>>>>></p>
		    </c:if>
		    <c:if test="${param.logout != null}">
		    	<p></p>
		    </c:if>
		      <div class="form-group">
		        <input type="text" class="form-control" name="username" id="username" placeholder="Login" required>
		        <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
		      </div>
		      <div class="form-group has-feedback">
		        <input type="password" class="form-control" name="password" id="password" placeholder="Senha" required>		       
		      </div>
		      <div class="form-group">
		      	<div class="row">        
			        <div class="col-md-4 col-md-offset-8">
			          <button type="submit" class="btn btn-primary btn-block btn-flat">Acessar</button>		           
			        </div>
			        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />        
		      	</div>
		      </div>      
		      <div class="form-group">
		      	<div class="row">        
			        <div class="col-md-12">
			          <a href="" class="pull-right">Não lembra da sua senha ?</a>
			        </div>        
			    </div>
		      </div>      
	    </form>
	  </div> 	 
	</div>
	
</body>
</html>

Tem uma dúvida se para usar o spring security precisa do spring mvc, será que é isso?