In client side validation, it's the client (webbrowser) which validates the input with help of a client side language, e.g. JavaScript. In server side validation, it's the server (webserver) which validates the input with help of a server side language, e.g. Java.
You should never do only client side validation, because the result is controllable (and thus also hackable/spoofable) by the enduser. Usually, you'd like to use client side validation because it gives much sooner feedback. The enduser doesn't need to wait for the form submit being completed and doesn't need to face a "flash of content" (page blanks out and then redisplays with new content). You'd like to use server side validation to ensure the integrity of the submitted data. The enduser has in no way control over the outcome of the server side validation.
In case of JSF, the validation is always server side. Since JSF 2.0 it's possible to submit a form (and thus also validate the form) using builtin ajaxical functionality. This combines the best of the two worlds: having instant feedback without flash of content and the robustness/integrity of the server side validation.