When I click 'Login' link (located in template) I submit form by executing the action method which determines current page. Action method returns 'pretty:login'
for the following prettyfaces mapping:
As a result my url ends by '/login' which causes embedded JavaEE security system to intercept this url.
After I fill in login form and click 'Login' button I am not redirected to '/forums.jsf' and even pretty method user.redirectLoggedInUser is not called at all !!!
Login button is simplest: <input class="loginSubmit" value="Login" type="submit" title="Click to login!" />
Very strange is that my main @SessionScoped bean is instantiated again(it is logged that @PostConstruct is called) and I am redirected to my home page.
Why is that?
Any time a session-scope Managed Bean is referenced via EL and it does not exist, it will be created on-demand. I don't really know what destroyed your original session object unless you had done a session.invalidate() somewhere.
When using container-managed security, Login is handled on-demand, so setting up an action to explicitly "go to login" isn't how it is done. In fact, you cannot "go to login", since the login screen has no functional URL to go to.
All that is necessary is that you request a secured URL. So if forums.jsf is a secured URL, the source action should request forums.jsf and login will be handled automatically, if needed. Because this is JSF, you need to include the redirect directive on the source navigation, though, or the requested URL won't be pointing to forums.jsf because of JSF's URL lag.
An IDE is no substitute for an Intelligent Developer.