The "authorize" tag provided by Spring Security only works with JSP, not with Facelets. I have adapted the logic to fit into the Facelets framework.
Note that this has been tested with JSF 1.2, but not with JSF 2.0. It may need to be adapted to that API. For user convenience, a taglib.xml file should also be added to the META-INF dir of whichever jar this class ends up in.