The Servlet 2.4+ API allows us to use the <dispatcher> tag within the <filter-mapping> tag with values like FORWARD to interce
From the horse's mouth (Oracle documentation):
If a navigation case does not use the redirect element, the new page is rendered as a response to the current request, which means that the URL in the browser's address field does not change and that it will contain the address of the previous page.
What this seems to translate to is that there is no 'forward' happening to the next page during the JSF lifecycle... and so Spring Security will never get a handle to this.
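A configuration sketch of the point above, added here as an illustration and not part of the original post or the Oracle documentation: the filter mapping with REQUEST and FORWARD dispatchers, next to a JSF navigation case without and with the redirect element. The view ids and outcome names are hypothetical; springSecurityFilterChain and DelegatingFilterProxy are the standard Spring Security names.

```xml
<!-- web.xml fragment: apply the Spring Security chain to direct requests
     and to RequestDispatcher forwards (dispatcher values per Servlet 2.4+). -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>

<!-- faces-config.xml fragment (hypothetical view ids and outcomes) -->
<navigation-rule>
    <from-view-id>/public/home.xhtml</from-view-id>

    <!-- Without <redirect/>: the target view is rendered as the response to
         the current request, so the address bar still shows /public/home.xhtml
         and a URL rule written for /admin/** is matched against the old URL. -->
    <navigation-case>
        <from-outcome>adminSamePage</from-outcome>
        <to-view-id>/admin/dashboard.xhtml</to-view-id>
    </navigation-case>

    <!-- With <redirect/>: the browser is told to request the target URL itself.
         That new request enters the container as a REQUEST dispatch, so the
         filter chain evaluates /admin/dashboard.xhtml against its URL rules. -->
    <navigation-case>
        <from-outcome>admin</from-outcome>
        <to-view-id>/admin/dashboard.xhtml</to-view-id>
        <redirect/>
    </navigation-case>
</navigation-rule>
```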