We've got a whole forum where people will admonish you not to to attempt premature optimisation. It's always better to write clean code, then analyse and optimise it
if it needs it than to create some baroque expensive construct that optimises stuff that doesn't need optimisation and/or gets in the way of true optimisation.
Actually, if high-speed logins are what you want, you probably will do much, much better not writing a login in
JSF at all. Use the
J2EE standard login services. They don't go through all the fuss about running the FacesServlet, mucking about with Component Trees or even general application overhead, since the container itself is handling the login.
Besides, of all the user-designed login/security systems I've seen since before even JSPs were invented, almost 100% of them had security flaws. Most, in fact, could be bypassed by non-technical people in 10 minutes or less. The standard security system is long since debugged, it's well-documented, and if it has ever been broken, no one told me about it.