Hi,

A solution could be to send the data (username and hash password) with GET. For exemple, your link from Php page send the user to the /login.xhtml page of your Seam application.

In your file "pages.xml", you add :

<page view-id="/login.xhtml">
     <param name="username" value="#{credentials.username}" />
     <param name="password" value="#{credentials.password}" />
     <action execute="#{identity.login()}" />
</page>

This should execute a login() method when the user arrive on the page. Be carefull that the method will be call each time the user go to the page.

"login()" method will use your "authenticate()" method, it's there where you have to validate the data and return if yes or no the user can be authenticate.

You can also add a navigation case based on the return of the "login()" to redirect the user to another page or an error page.

Well, POST is not really more secure than GET in practice. The best way is to send your password hashed (hoping you hash your passwords).

In your Php page, you get the data from the form submitted by the user and then hash the password with an algorithm like SHA-512 before sending it with the username using GET method.

In your "authenticate()" method, you will have to get back your user from the database using #{credentials.username} and then compare the hashed version of the password with the one in database and look if it's match. If yes, then authenticate it.

Strange, it should work... I have the same navigation case in some of my applications and it works fine. Try :

<navigation from-action="#{identity.login}">
     <rule if-outcome="loggedIn">
          <redirect view-id="/paginas/busquedaBono.xhtml"/>
     </rule>
</navigation>

But it's quite the same as you... Sure the authenticate method returns a true value ? The /paginas/busquedaBono.xhtml is defined in the pages.xml ?