http://jira.springframework.org/browse/SEC-913. Applied patch as suggested (use sendRedirect method for failure URL).