Here is a rough outline. You'll need to study wicket-auth-roles-example to see how you can integrate this.
You can put the the Wicket servlet behind 2 different url patterns. In your own session implementation you can access the http session and read the authenticated user and/or roles as was set by Tomcat. When authorisation is required and no user in the session, you can forward to a secured url with a RestartResponseAtInterceptPageException. Note that in this setup only the login page needs to be behind the secured url. Erik. Dmitry Kandalov schreef: > Erik van Oosten wrote: > >> Wicket supports per component authorisation. You could take a look at >> wicket-auth-roles-example (a small project available through svn). >> In this project some components (pages) are marked. The mark indicates >> which roles are required for the component. As long as the user does not >> hit those components the application runs fine. As soon as the user does >> hit such a component, the sign-in page is displayed. >> >> Erik. >> >> > > Thanks for advice, example is good. But I have to use tomcat authentication > (not authorization). To make it work I have to declare > <security-constraint>. > -- Erik van Oosten http://www.day-to-day-stuff.blogspot.com/ ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user