Resolved. I've just changed to authority instead of hole. Everything works fine now.
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").hasAuthority("ADMINISTRADOR")
.antMatchers("/restricted/**").hasAnyAuthority("USUARIO", "ADMINISTRADOR")
.antMatchers("/resources/**", "/includes/**", "/cadastrar", "/logout", "/login", "/", "/home").permitAll()
.and().formLogin()
.loginPage("/login").defaultSuccessUrl("/restricted/teste", true)
.loginProcessingUrl("/login").failureUrl("/login?error=true").permitAll().and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/");
}