I realized that when user is accessing a page when it is not logged in, the first thing that is happening is JSF lifecycle due to the error in SeamSecurityFilter:
if (!checkSecurityConstraints(hRequest.getServletPath(), hRequest.getMethod(), ident))
hResponse.sendRedirect(String.format("%s%s", hRequest.getContextPath(), config.getSecurityErrorPage()));
chain.doFilter(request, response);
Actually 'else' is missed:
if (!checkSecurityConstraints(hRequest.getServletPath(), hRequest.getMethod(), ident))
hResponse.sendRedirect(String.format("%s%s", hRequest.getContextPath(), config.getSecurityErrorPage()));
else
chain.doFilter(request, response);
