Spring Security 4异常访问被拒绝

Question

帮助我。我尝试在线跟踪。在屏幕1中，我使用用户名和密码登录。但是当我按下登录按钮然后出现错误消息[异常错误消息访问被拒绝]

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/MH01*" access="permitAll" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/Erro" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <access-denied-handler error-page="/Erro"/>
    <form-login 
        login-page="/MH01" 
        authentication-failure-url="/MH01?error"/>
    <logout logout-url="/logout" logout-success-url="/MH01?logout" />
    <csrf disabled="true"/>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query= "
            SELECT USERNAME, PASSWORD, CASE ENABLED WHEN 1 THEN 'true' ELSE 'false' END 'ENABLED' 
            FROM TBL_USERS 
            WHERE USERNAME=?;"
            authorities-by-username-query = "
            SELECT USERNAME, PASSWORD, CASE ENABLED WHEN 1 THEN 'true' ELSE 'false' END 'ENABLED' 
            FROM TBL_USERS 
            WHERE USERNAME=?;"/>
    </authentication-provider>
</authentication-manager>

控制器：

List<String> lsMessage  = userService.doLogin(userDto);
    if(!lsMessage.isEmpty()) {
        userDto.setLsMessage(lsMessage);
    } else {
        SessionController.setDefaut(session);
        return "redirect:/" + Common.VMH02;
    }
    return Common.VMH01;

错误：

2016-05-06 08:38:20 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /MH02; Attributes: [hasRole('ROLE_USER')]
2016-05-06 08:38:20 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /MH02; Attributes: [hasRole('ROLE_USER')]
2016-05-06 08:38:20 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 440EF5F23A36FF1A6DFACFD29BD8EF60; Granted Authorities: ROLE_ANONYMOUS
2016-05-06 08:38:20 DEBUG FilterSecurityInterceptor:348 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 440EF5F23A36FF1A6DFACFD29BD8EF60; Granted Authorities: ROLE_ANONYMOUS
2016-05-06 08:38:20 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6ec34892, returned: -1
2016-05-06 08:38:20 DEBUG AffirmativeBased:66 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6ec34892, returned: -1
2016-05-06 08:38:20 DEBUG ExceptionTranslationFilter:174 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

登录表格

          <h3> Đăng nhập hệ thống</h3>
        <table class="table-login">
            <tr>
                <td class="td-label"><label for="username">Tên đăng nhập</label></td>
                <td><form:input type="text" path="username" id="userName" name ="userName"/></td>
            </tr>
            <tr>
                <td class="td-label"><label for="password">Tên đăng nhập</label></td>
                <td><form:password path="password" id="pass" /></td>
            </tr>
        </table>
        <div class="btnSearch-div">
            <a href="#" class="btn" id="btnLogin">Đăng nhập</a>
        </div>