JSF is not JSP. So what you know about JSP may do you more harm than good.
JSF2 has built-in tiling facilities, for example. So it's easy to setup common page headers and footers. Also, since JSF is more of a true implementation of the Model/View/Controller paradigm that just about any web framework out there, you shouldn't be putting logic on the View (jsp). That's what Controllers are for.
I could rant at length on the whole idea of a dynamic logic page, since that implies that you're doing Do-It-Yourself webapp security and I strongly discourage that for most webapps. The
J2EE framework security is more than sufficient for most webapps and a LOT more secure and it can automatically swap in login pages when they're needed. But that's another matter entirely.
If you're using PrettyFaces, you supply an action processor as part of the URL mapping in the pretty-config XML file. JSF actions return results that drive the navigation system, so you can select which page will be displayed based on what your action return value is.