Using form-based authentication in JSF always makes me look for a login form that uses h:form instead of plain HTML. Here is a form that uses JAAS with proper XHTML using the JSF h:form tag:
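<!-- prependId="false" keeps the field names as j_username / j_password,
     the parameter names the container's j_security_check expects. -->
<!-- onsubmit redirects the POST from the JSF view to j_security_check. -->
<h:form id="login"
        onsubmit="document.getElementById('login').action='j_security_check';"
        prependId="false">
    <h:outputLabel for="j_username" value="Username:" />
    <h:inputText id="j_username" size="32" />
    <h:outputLabel for="j_password" value="Password:" />
    <h:inputSecret id="j_password" size="255" />
    <h:commandButton id="submit" value="Login" ajax="false" />
</h:form>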
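The form only works once the container is told to use form-based login, so here is a matching web.xml fragment as an added example (not from the original post). The page names /login.xhtml and /login-error.xhtml, the /secure/* pattern and the role name "user" are assumptions, as is a FacesServlet mapping for *.xhtml; the TLS and cookie settings are there because the form posts the password in the request body.

```xml
<!-- web.xml fragment, Servlet 3.0+. Added example: paths and role name are assumed. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Pages that require an authenticated user in the assumed role "user". -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Force HTTPS so the session cookie is never sent in clear text. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- No auth-constraint here: the login page stays public, but TLS-only. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login page</web-resource-name>
      <url-pattern>/login.xhtml</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM auth: the container serves this page and handles j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/login-error.xhtml</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>

  <!-- Keep the session cookie out of script reach and off plain HTTP. -->
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>
```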