Two tips for the people who is fighting with these technologies:

  1. Implement the login page: here you have a great tutorial that explains how to implement a login page in JSF using Spring Security in only few lines of code.

  2. Somebody is implementing the tags for jsf. You can try his library : BodyGuard