Problemas com acesso no Spring Security (Access is denied (user is not anonymous))

Front-end
#1

Pessoal configurei o spring security na minha aplicação JSF 2, ao digitar o login e senha corretos da erro de Acesso Negado.
Olhei o log da aplicação, da esse erro:
DEBUG ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
Alguém sabe o que pode ser ?

Segue minhas configurações:
applicationContext.xml

[code]<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns=“http://www.springframework.org/schema/security
xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xmlns:b=“http://www.springframework.org/schema/beans
xsi:schemaLocation=“http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd”>

<http auto-config="true" use-expressions="true">
	<intercept-url pattern="/index.xhtml" access="hasRole('ROLE_USER')" />
	<form-login login-page="/login.xhtml"
		authentication-failure-url="/login.xhtml?erro=true" />
</http>

<authentication-manager>
	<authentication-provider>
		<jdbc-user-service data-source-ref="dataSource"
			users-by-username-query="SELECT login, password, enable FROM users WHERE login=?"
			authorities-by-username-query="SELECT login, authority FROM users WHERE login=?" />
	</authentication-provider>
</authentication-manager>

<b:bean id="dataSource"
	class="org.springframework.jdbc.datasource.DriverManagerDataSource">
	<b:property name="url" value="jdbc:postgresql:postgres" />
	<b:property name="driverClassName" value="org.postgresql.Driver" />
	<b:property name="username" value="postgres" />
	<b:property name="password" value="1662442" />
</b:bean>

</b:beans>[/code]

Web.xml

[code]<?xml version="1.0"?>

<display-name>CoWeb</display-name>

<servlet>
	<servlet-name>Faces Servlet</servlet-name>
	<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
	<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
	<servlet-name>Faces Servlet</servlet-name>
	<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>

<servlet-mapping>
	<servlet-name>Faces Servlet</servlet-name>
	<url-pattern>*.faces</url-pattern>
</servlet-mapping>

<servlet-mapping>
	<servlet-name>Faces Servlet</servlet-name>
	<url-pattern>/faces/*</url-pattern>
</servlet-mapping>

<welcome-file-list>
	<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>

<context-param>
	<param-name>org.richfaces.skin</param-name>
	<!-- <param-value>emeraldTown</param-value> -->
	<param-value>classic</param-value>
	<!-- <param-value>blueSky</param-value> -->
	<!-- <param-value>ruby</param-value> -->
	<!-- <param-value>wine</param-value> -->
	<!-- <param-value>deepMarine</param-value> -->
	<!-- <param-value>japanCherry</param-value> -->
	<!-- <param-value>plain</param-value> -->
</context-param>

<filter>
	<filter-name>HibernateFilter</filter-name>
	<filter-class>br.com.CoWeb.hibernate.HibernateSessionRequestFilter</filter-class>
</filter>

<filter-mapping>
	<filter-name>HibernateFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Início das configurações para o Spring Security 3 -->
<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<listener>
	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Fim das configuração para utilizar o Spring Security 3 -->
[/code]

faces-config.xml

<?xml version="1.0" encoding="UTF-8"?> <faces-config version="2.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"> <navigation-rule> <navigation-case> <from-outcome>home</from-outcome> <to-view-id>/home/index.xhtml</to-view-id> </navigation-case> </navigation-rule> <navigation-rule> <navigation-case> <from-outcome>paciente</from-outcome> <to-view-id>/paciente/people.xhtml</to-view-id> </navigation-case> </navigation-rule> <navigation-rule> <navigation-case> <from-outcome>produtos</from-outcome> <to-view-id>/produtos/product.xhtml</to-view-id> </navigation-case> </navigation-rule> <navigation-rule> <from-view-id>/login.xhtml</from-view-id> <navigation-case> <to-view-id>/index.xhtml</to-view-id> </navigation-case> </navigation-rule> </faces-config>

Login.xhtml

[code]<?xml version="1.0" encoding="UTF-8"?>

CoWeb 
            <h:outputText value="Usuário ou senha incorretos!" rendered="#{param.erro}" style="color: darkred"/>
        
        <form action="j_spring_security_check" method="post">
            <h:panelGrid columns="2" cellpadding="5">
                <h:outputLabel for="j_username" value="Username: *" />
                <h:inputText id="j_username" required="true"/>
                <h:outputLabel for="j_password" value="Password: * " />
                <h:inputSecret id="j_password" required="true"/>
                <h:commandButton value="Login"/>
            </h:panelGrid>
        </form>
    </p:dialog>
</h:body>
[/code]
#2