I have several page that are used for administering. But now every one could enter it if they input right url. I want to redirect them to the login page if they aren't login. How to achieve it? JSF 2.1
there are several libraries or mechanisms to protect your pages from un-authorized users. In a Java EE environment you usually use the features from the application server and configure some security constraints in web.xml
If you want to rely on a more independent technology I can recommend Spring Security: http://www.springsource.org/spring-security (if you are using spring already that would be my first choice) and Apache Shiro: http://shiro.apache.org/ (which to me is a slightly simpler to understand)
The manual approach would be to create a Servlet-Filter in web.xml to protect certain urls (both frameworks above work like that).