I am in the middle of the process of upgrading a project to spring 3.2 and spring security 3.1 . site mesh is in the 2.4.2 version. the behavior is the next.
if i write the next url http://localhost:8081/erp-web/ the server gives me the only the login page.
but if i write the next url http://localhost:8081/erp-web/login.mavi the server gives me the login page properly decorated. like this 
this is my security conf
<security:intercept-url pattern="/decorators/**" access="permitAll"/>
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login.do" access="permitAll" />
<security:form-login login-page="/login.do"
default-target-url="/home.do" authentication-failure-url="/login.do?login_error=1" />
<security:logout logout-success-url="/logout.do" delete-cookies="JSESSIONID"/>
and in the web.xml
<!-- SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SITEMESH -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
this is the view resolver.
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:viewClass="org.springframework.web.servlet.view.JstlView"
p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" />
cheers.
Ok. The solution was easy. i just added to my
decorators.xmlthis lineand now it looks like this.