Ok. If I understand correctly, you need to detect authentication. One way to do this in wicket is to redirect the user to a Login page when authentication is missing.
So: 1. User tries to access the secured page "StockQuote.class" 2. Wicket detects the user is not logged in and Redirects the user to "Login.class" 3. User logs in properly and Wicket redirects him back to "StockQuote.class" 4. If user fails login, something else happens.. that's up to you. I will copypaste here some snipplets (not all code included, only the essentials), which should get you going: public class MyApplication extends WebApplication { /** * @see wicket.protocol.http.WebApplication#init() */ @Override protected void init() { super.init(); getSecuritySettings().setAuthorizationStrategy(MyAuthorizationStrategy.getInstance()); getSecuritySettings().setUnauthorizedComponentInstantiationListener(MyAuthorizationStrategy.getInstance()); } } ::::::::::::::::::: public class MyAuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener { /** * @see wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy#isPageAuthorized(java.lang.Class) */ @Override protected boolean isPageAuthorized(Class pageClass) { // Check if the page required authorized access @SuppressWarnings("unchecked") boolean pageRequiresAuthentication = pageClass.isAnnotationPresent(AuthenticationRequired.class); // TODO You must create such annotation or devise other means of classifying pages.. it could also be simply just some kind of instanceof check if you want to be rigid if (pageRequiresAuthentication) { @SuppressWarnings("unchecked") return MyApplication.getSession().isAuthorized(authorizationRequired.emailConfirmationRequired()); } return true; } /** * @see wicket.authorization.IUnauthorizedComponentInstantiationListener#onUnauthorizedInstantiation(wicket.Component) */ public void onUnauthorizedInstantiation(Component component) { throw new RestartResponseAtInterceptPageException(Login.class); // If login fails, redirect to login } } ::::::::::::::::: public class Login extends WebPage { public Login() { final Form loginForm = new Form(LOGIN_FORM, new Model()); final TextField userIdField; { userIdField = new TextField(USER_ID, new Model()); userIdField.setRequired(true); loginForm.add(userIdField); } { rememberMe = new CheckBox("rememberMe", new Model()); loginForm.add(rememberMe); } final PasswordTextField passwdField; { passwdField = new PasswordTextField(PASSWORD, new Model()); passwdField.setResetPassword(false); loginForm.add(passwdField); } { SubmitLink loginButton = new SubmitLink(LOGIN_BUTTON, new Model()) { /** * @see org.apache.wicket.markup.html.form.SubmitLink#onSubmit() */ @Override public void onSubmit() { super.onSubmit(); String userAlias = userIdField.getValue(); String encryptedPassword; { String password = passwdField.getValue(); encryptedPassword = MyAuthorizationStrategy.encryptValue(PASSWORD_ENCRYPTION_KEY, password); } User user = LoginTransactions.getInstance().login(userAlias, encryptedPassword, Boolean.parseBoolean(rememberMe.getValue())); if (user != null) { // TODO Check if the user is allowed to login MyApplication.getSession().setUser(user); if (!continueToOriginalDestination()) { // This will try to send the user to the restricted page after login (if the user was originally going there) setResponsePage(MembersArea.class); // Else, if there is no default location, you need to brobably just select something.. } } else { // Acknowledge wrong password info("Wrong password."); } } }; loginForm.add(loginButton); } add(new FeedbackPanel("feedback")); add(loginForm); } } :::::::::: That should get you kickstarted? ** Martin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]