Spring Security Вход в систему

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">

    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/wifAdmin/*</url-pattern>
    </filter-mapping>
    <welcome-file-list>
        <welcome-file>/wifAdmin</welcome-file>
    </welcome-file-list>
</web-app>

весна-servlet.xml:

<?xml  version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:task="http://www.springframework.org/schema/task"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/task 
        http://www.springframework.org/schema/task/spring-task-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd 
        ">

    <context:annotation-config />

    <context:component-scan base-package="com.xsiraul.chat.controller" />
    <task:annotation-driven />

    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />

    <bean id="jspViewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
            value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <bean id='placeholderConfig'
        class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'>
        <property name='locations'>
            <list>
                <value>classpath:login.properties</value>
            </list>
        </property>
    </bean>

    <bean id='dataSource' class='com.mchange.v2.c3p0.ComboPooledDataSource'>
        <!--Driver name to connect to the database -->
        <property name='driverClass'>
            <value>${login.jdbc.driver}</value>
        </property>
        <!--DB URL -->
        <property name='jdbcUrl'>
            <value>${login.url}</value>
        </property>
        <!--DB User used to connect to the schema -->
        <property name='user'>
            <value>${login.username}</value>
        </property>
        <!--Password required to access for the above user -->
        <property name='password'>
            <value>${login.password}</value>
        </property>
        <!-- configuration pool via c3p0 -->
        <property name='acquireIncrement'>
            <value>${login.c3p0.acquireIncrement}</value>
        </property>
        <property name='idleConnectionTestPeriod'>
            <value>${login.c3p0.idleConnectionTestPeriod}</value>
            <!-- seconds -->
        </property>
        <property name='maxPoolSize'>
            <value>${login.c3p0.maxPoolSize}</value>
        </property>
        <property name='maxStatements'>
            <value>${login.c3p0.maxStatements}</value>
        </property>
        <property name='minPoolSize'>
            <value>${login.c3p0.minPoolSize}</value>
        </property>
        <property name='initialPoolSize'>
            <value>${login.c3p0.initialPoolSize}</value>
        </property>
        <property name='maxIdleTime'>
            <value>${login.c3p0.maxIdleTime}</value>
        </property>
        <property name='acquireRetryAttempts'>
            <value>${login.c3p0.acquireRetryAttempts}</value>
        </property>
        <property name='acquireRetryDelay'>
            <value>${login.c3p0.acquireRetryDelay}</value>
        </property>
        <property name='breakAfterAcquireFailure'>
            <value>${login.c3p0.breakAfterAcquireFailure}</value>
        </property>
    </bean>

    <sec:http>
        <sec:intercept-url pattern="/wifAdmin/*" access="ROLE_USER" />
        <sec:form-login login-page='/wifAdmin'
            default-target-url='/wifAdmin' authentication-failure-url='/wifAdmin?error=true' />
        <sec:logout logout-success-url='/wifAdmin' />
        <sec:anonymous username='guest' granted-authority='ROLE_GUEST' />
        <sec:remember-me />
    </sec:http>
    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:user-service>
                <sec:user name='admin' password='secret' authorities='ROLE_ADMIN,ROLE_USER' />
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>

</beans>

index.jsp:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<html>
<head>
<title>Login</title>
</head>

<body>
    <c:if test="${not empty param.error}">
        <font color="red"> Login error. <br /> Reason :
            ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
        </font>
    </c:if>

    <form method="POST" action="<c:url value="/wifAdmin/logged" />">
        <table>
            <tr>
                <td align="right">Username</td>
                <td><input type="text" name="j_username" /></td>
            </tr>
            <tr>
                <td align="right">Password</td>
                <td><input type="password" name="j_password" /></td>
            </tr>

            <tr>
                <td colspan="2" align="right"><input type="submit"
                    value="Login" /></td>
            </tr>
        </table>
    </form>
</body>
</html>

manage.jsp:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec"
    uri="http://www.springframework.org/security/tags"%>
<html>
<head>
<title>Home</title>
</head>
<body>
    <a href=<c:url value="/j_spring_security_logout"/>>Logout</a>
    <br />

    <sec:authorize ifAnyGranted="ROLE_ADMIN">
        <h1>Only admin can see this</h1>
        <br />
        <a href="admin"> Admin Home </a>
    </sec:authorize>

    <h1>Welcome</h1>



</body>
</html>

ChatController.java:

@Controller
public class WifchatManagement {

    @RequestMapping(value = "/wifAdmin", method = RequestMethod.GET)
    public String wifAdmin(Model model) {
        return "wifManagement/index";
    }

    @RequestMapping(value = "/wifAdmin/logged", method = RequestMethod.GET)
    public String setUp(Model model) {
        return "wifManagement/manage";
    }

}

Проблемы:

1. Spring Security не фильтрует URL-адрес, и я могу получить доступ /wifAdmin/зарегистрирован как гость.
2. В форме index.jsp URL-адрес действия перенаправляется только в /wifAdmin/logged. Если я изменил значение действия на "j_spring_security_check" - оно дает ошибку "Не найдено". Похоже, Spring Security не работает.

Я использую:

• весенний каркас 4.0.2
• весенняя безопасность 3.2.1

Спасибо за любую помощь.