For the past days I've been trying like crazy to create a jsf loginBean for my app but I did not find a working example nor figured it out by myself, so I came with a, what a believe to be ugly, solution, as follows:

HTML Code:
<p:dialog id="dialog" widgetVar="dlg" closable="false" draggable="false" resizable="false" header="Login" visible="true">
            <h:form>    
                <p:panelGrid columns="2">

                    <p:outputLabel for="username" value="Usuário:"/>
                    <p:inputText id="username"
                                 title="Preencha com o seu usuário (login)."
                                 required="false"
                                 value="#{loginBean.usuario}"/>

                    <p:outputLabel for="password" value="Senha:"/>
                    <p:password id="password"
                                title="Preencha com a sua senha."
                                required="true"
                                value="#{loginBean.senha}"/>

                    <f:facet name="footer">
                        <p:commandButton value="Entrar"
                                         actionListener="#{loginBean.doLogin}"
                                         oncomplete="handleLoginRequest(xhr, status, args)"/>
                    </f:facet>

                </p:panelGrid>
            </h:form>

<form id="form_spring" hidden="true" action="j_spring_security_check" method="post">  
                <h:panelGrid columns="2" cellpadding="3">  
                    <h:outputLabel for="j_username" value="Login:" />  
                    <p:inputText 
                        id="j_username" required="true" label="login" />                    
                    <h:outputLabel for="j_password" value="Senha:" />  
                    <p:password feedback="false" minLength="6"  
                                id="j_password" required="true" label="senha" />  
                </h:panelGrid>  
                <center>    
                    <h:commandButton id="b_login" value="Login" style="width:80pt"/>
                </center>
            </form>
        </p:dialog>
<script type="text/javascript">  
            function handleLoginRequest(xhr, status, args) { 

                if(args.validationFailed || !args.loggedIn) { 
                 jQuery('#dialog').effect("shake", { times:3 }, 100);  

                } else {  

                    dlg.hide();

                    document.getElementById("j_username").setAttribute("value", document.getElementById('login').getAttribute('value'));

                    document.getElementById("j_password").setAttribute("value", document.getElementById('senha').getAttribute('value'));

                    document.getElementById("b_login").click();
                }  
            }
            
            function setVariab(){
                document.getElementById("j_username").setAttribute("value", "");
                document.getElementById("j_password").setAttribute("value", "");
            }
        </script>
It consists of a form withina form, the second being triggered by the first one, if the user input return true from the loginBean.doLogin.
My point is: this is obviously a preposterous solution, but it works.
I would like to know if there's some kind of security breach or problems with that, and if someone can give/point me a functional example of a @ManagedBean/@Named controller for login, please!