Sean, Jean-Baptiste, Johan, Maurce, thanks for all of your help. I ended up using a combination of all suggestions, which worked well. Here's the final code in my Application class in case it's useful to anybody else:
protected void init() { super.init(); getSecuritySettings().setAuthorizationStrategy( new IAuthorizationStrategy() { public boolean isInstantiationAuthorized( Class componentClass ) { if( componentClass.getName().startsWith("wicket") ) { return true; //Allow wicket error messages to be displayed } try { boolean isAuthenticated = false; HttpServletRequest request = ((WebRequest)RequestCycle.get ().getRequest()).getHttpServletRequest(); String auth = request.getHeader("Authorization"); if (auth != null && auth.indexOf(' ') != -1) { // a valid auth header will have the type of auth, then a space, then the data auth = auth.substring(auth.indexOf(' ') + 1); auth = new String( new BASE64Decoder().decodeBuffer( auth ) ); int index = auth.indexOf(':'); if (index != -1) { String username = auth.substring(0, index); String password = auth.substring(index+1); isAuthenticated = authenticate( username, password ); } } return isAuthenticated; } catch( IOException e ) { throw new RuntimeException( e ); } } private boolean authenticate( String username, String password ) { //Authenticate here } public boolean isActionAuthorized( Component component, Action action ) { return true; } } ); getSecuritySettings().setUnauthorizedComponentInstantiationListener ( new IUnauthorizedComponentInstantiationListener() { public void onUnauthorizedInstantiation( Component component ) { HttpServletResponse response = ((WebResponse)component.getResponse ()).getHttpServletResponse(); response.setHeader("WWW-Authenticate", "Basic realm=\"" + getRealm () + "\""); throw new AbortWithHttpStatusException( 401, false ); } private String getRealm() { return "YourSecurityRealm"; } } ); } --Jesse Barnum, President, 360Works http://www.360works.com (770) 234-9293 On Jul 7, 2007, at 12:27 AM, Sean Sullivan wrote: > > Have you tried: > > import org.apache.wicket.protocol.http.servlet.*; > > > throw new AbortWithWebErrorCodeException(401) > > // or maybe: > > throw new AbortWithHttpStatusException(401, false) > > > > On 7/3/07, Maurice Marrink <[EMAIL PROTECTED] > wrote: > > > I did some digging in the code and found the following: using the > RequestCycle you can get the Response. which is most likely a > WebResponse from there you can get the HttpServletResponse and set the > statuscode to 401. Question remains how to tell wicket to stop > processing and simply return the statuscode. > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user