Here is a rough outline. You'll need to study wicket-auth-roles-example
to see how you can integrate this.
You can put the the Wicket servlet behind 2 different url patterns. In
your own session implementation you can access the http session and read
the authenticated user and/or roles as was set by Tomcat.
When authorisation is required and no user in the session, you can
forward to a secured url with a RestartResponseAtInterceptPageException.
Note that in this setup only the login page needs to be behind the
secured url.
Erik.
Dmitry Kandalov schreef:
> Erik van Oosten wrote:
>
>> Wicket supports per component authorisation. You could take a look at
>> wicket-auth-roles-example (a small project available through svn).
>> In this project some components (pages) are marked. The mark indicates
>> which roles are required for the component. As long as the user does not
>> hit those components the application runs fine. As soon as the user does
>> hit such a component, the sign-in page is displayed.
>>
>> Erik.
>>
>>
>
> Thanks for advice, example is good. But I have to use tomcat authentication
> (not authorization). To make it work I have to declare
> <security-constraint>.
>
--
Erik van Oosten
http://www.day-to-day-stuff.blogspot.com/
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
