Typically the solution here is to remove the servlet mapping for /faces/* which causes other issues with such inconsistencies, and just stick with *.xhtml as the servlet mapping, which eliminates the vulnerability in JSF where anyone can request your sources. This way the servlet path is the same as the resource path, with nothing ‘virtual’ added in.
It’s what I’ve always recommended people do even without Rewrite or PrettyFaces.
Additionally, this problem exists if you simply type in the path on the URL – it’s not actually cause by Rewrite, so… shame on you JSF 🙂
Do you play Magic?
Get TopDecked MTG, the #1 Magic App, built by players, for players. Free to use, forever.