Problem with Spring Security Login

I'm developing login page with spring security but when I start my project automatically redirected to the login page. I've a in my web.xml with redirect to index.xhtml, why is redirect to login.xhtml?

web.xml

<web-app >
<display-name>AirTour</display-name>

<welcome-file-list>
    <welcome-file>index.xhtml</welcome-file>
</welcome-file-list>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/conf/applicationContext.xml
     </param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>

applicationContext.xml

<security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userDetailsManager">
        <security:password-encoder ref="passwordEncoder">
            <security:salt-source ref="saltSource"/>
        </security:password-encoder>
       </security:authentication-provider>
</security:authentication-manager>

<security:http  >
    <security:intercept-url pattern="/user/*" access="ROLE_USER"/>
    <security:intercept-url pattern="/comp/*" access="ROLE_COMP"/>
    <security:intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/*" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_COMP,ROLE_ADMIN"/>

<security:form-login login-page="/login"/>
</security:http>

The reason of this behavior is that anonymous users do not have roles. In other words, the problem is found from your application context configuration file:

You should use the permitAll() expression here. Also, you need to enable expressions since they are disabled by default. The relevant part of your application context configuration file should look as follows: