<!DOCTYPE html>
<html>
<head>
<title>Apache Wicket - Wicket Auth/Roles</title>
<link rel="stylesheet" href="/css/screen.css" type="text/css" media="screen" />
<!--[if lt ie 7]>
<link rel="stylesheet" href="/css/ie.css" type="text/css" media="screen" />
<![endif]-->
<link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="alternate" type="application/atom+xml" href="/atom.xml" />
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
</head>
<body>
<div id="container">
<div id="content">
<div id="header"><a href="/"><h1 id="logo"><span>Apache Wicket</span></h1></a></div>
<div id="contentbody">
<h1>Wicket Auth/Roles</h1>
<p>This is mostly a technology demonstration implementing authorization and
authentication for the Apache Wicket web framework. The project supplies roles
based authorization and some simple authentication components.</p>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#introduction">Introduction</a></li>
<li><a href="#example">Example</a></li>
<li><a href="#installing">Installing</a></li>
</ul>
<h2 id="introduction">Introduction</h2>
<p>Wicket Auth/Roles is a simplistic but useful security extension to the Wicket
framework. It is intended to be simplistic and not to be confused with a
framework. If you find this library useful, great. If you need more than is
supplied by this library, either look at <a href="#alternatives">alternative security
integrations</a> or copy these classes and modify them at will
(this project <strong>is</strong> <a href="http://www.apache.org/licenses/">open source</a> after
all.)</p>
<p>Like most if not all security solutions for Wicket, this project provides an
implementation for Wicket’s <code>IAuthorizationStrategy</code>. When an authorization
strategy is installed in the security settings
(<code>WebApplication#getSecuritySettings</code>), Wicket will check for each component
(including pages) if instantiation is allowed and if rendering is allowed.</p>
<p>For more documentation use the following links:</p>
<ul>
<li><a href="http://wicket.apache.org/apidocs/1.5/org/apache/wicket/authentication/package-summary.html">Authentication API</a></li>
<li><a href="http://wicket.apache.org/apidocs/1.5/org/apache/wicket/authorization/package-summary.html">Authorization API</a></li>
</ul>
<p>Note that for the instantiation check Wicket will invoke the constructor
hierarchy of your component, but will throw an exception if the authorization
check fails.</p>
<h3 id="authentication">Authentication</h3>
<p>As a basis, you should extend your web application class from
<code>AuthenticatedWebApplication</code>. When you create your class you’ll be asked to
override the following methods:</p>
<ul>
<li><code>newSession</code> - return a subclass of <code>AuthenticatedWebSession</code></li>
<li><code>getSignInPageClass</code> - return the class for your login page (this one should
not require authentication, otherwise you’ll create an infinite loop)</li>
</ul>
<p>Next you’ll need to provide your custom session class, making it a subclass of
<code>AuthenticatedWebSession</code>. This class requires you to override the following
methods:</p>
<ul>
<li><code>authenticate</code> - called when the user needs to be authenticated using a
username and password</li>
<li><code>getRoles</code> - called after the user was authenticated and should provide the
roles associated with the authenticated user.</li>
</ul>
<p>You can use the provided <code>SignInPage</code>, which has been translated to a couple
of languages (see the source code for the actual translations), or roll your
own. When you roll your own, you can opt to use the provided <code>SignInPanel</code>
(which has been translated as well) so you don’t have to create your own login
form.</p>
<h3 id="authorization">Authorization</h3>
<p>The <code>@AuthorizeInstantiation</code> annotation configures which roles are allowed to
instantiate the annotated component or package. This annotation can be used for classes and
packages, and can be used like this:</p>
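<div class="highlight"><pre><code class="language-java" data-lang="java"><span class="kn">import</span> <span class="nn">org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation</span><span class="o">;</span>
<span class="kn">import</span> <span class="nn">org.apache.wicket.markup.html.WebPage</span><span class="o">;</span>

<span class="c1">// only users with role ADMIN are allowed to create instances of this page,</span>
<span class="c1">// whether it is bookmarkable or not</span>
<span class="nd">@AuthorizeInstantiation</span><span class="o">(</span><span class="s">&quot;ADMIN&quot;</span><span class="o">)</span>
<span class="kd">public</span> <span class="kd">class</span> <span class="nc">AdminAnnotationsBookmarkablePage</span> <span class="kd">extends</span> <span class="n">WebPage</span> <span class="o">{</span>
<span class="o">}</span></code></pre></div>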
<p>When someone who doesn’t have the role ADMIN requests this page, Wicket will not
allow the page to be fully constructed and will throw an authorization exception
during the construction of the page. This will result in an access denied page for
the user.</p>
<p>Enabling the annotations for role based authorization is done by installing an
<code>AnnotationsRoleAuthorizationStrategy</code> as the authorization strategy in the
security settings (<code>WebApplication#getSecuritySettings</code>). Then you can use the
authorization annotations provided by auth/roles.</p>
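<p>The authentication and authorization steps above, put together as an added example that is not code from the Wicket project. It is written against the Wicket 6.x API, where <code>AuthenticatedWebApplication</code> asks for the session class through <code>getWebSessionClass</code>; <code>DemoApplication</code>, <code>DemoSession</code>, <code>AdminPage</code> and the demo account are constructed for illustration.</p>

```java
// Added example, not Wicket project code; written against the Wicket 6.x API.
// DemoApplication, DemoSession and AdminPage are hypothetical names.
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.apache.wicket.Page;
import org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
import org.apache.wicket.authroles.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authentication.pages.SignInPage;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.Request;

public class DemoApplication extends AuthenticatedWebApplication {
    @Override
    public Class<? extends Page> getHomePage() { return AdminPage.class; }

    // Wicket 6.x asks for the session class and instantiates it itself.
    @Override
    protected Class<? extends AbstractAuthenticatedWebSession> getWebSessionClass() {
        return DemoSession.class;
    }

    // The sign-in page carries no authorization annotation, so the redirect to it cannot loop.
    @Override
    protected Class<? extends WebPage> getSignInPageClass() { return SignInPage.class; }

    public static class DemoSession extends AuthenticatedWebSession {
        private Roles roles = new Roles(); // empty until authenticate() succeeds

        public DemoSession(Request request) { super(request); }

        @Override
        public boolean authenticate(String username, String password) {
            // Constructed demo account; a real application verifies a salted password hash.
            byte[] expected = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
            boolean ok = "admin".equals(username) && password != null
                    && MessageDigest.isEqual(expected, password.getBytes(StandardCharsets.UTF_8));
            roles = ok ? new Roles(Roles.ADMIN) : new Roles();
            return ok;
        }

        @Override
        public Roles getRoles() { return isSignedIn() ? roles : new Roles(); }
    }

    // Needs its own markup file (DemoApplication$AdminPage.html) to render.
    @AuthorizeInstantiation(Roles.ADMIN)
    public static class AdminPage extends WebPage { }
}
```

<p>Because <code>getRoles</code> returns an empty set until sign-in succeeds, an anonymous request for <code>AdminPage</code> fails the instantiation check and is sent to the sign-in page instead.</p>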
<h3 id="alternatives">Alternatives</h3>
<p>More elaborate security solutions exist in the following projects:</p>
<ul>
<li><a href="https://github.com/wicketstuff/core/tree/core-1.5.x/jdk-1.5-parent/shiro-security">Wicket Shiro</a> -
integration between Apache Shiro and Wicket</li>
<li><a href="https://github.com/wicketstuff/core/tree/core-1.5.x/jdk-1.5-parent/wicket-security-parent">Wicket Security</a> -
JAAS inspired, principal based security framework</li>
</ul>
<p>If other security solutions are available for Wicket, <a href="https://issues.apache.org/jira/browse/WICKET">let us
know</a>.</p>
<h2 id="example">Example</h2>
<p>The Wicket Examples project contains a <a href="http://wicket-library.com/wicket-examples/authorization">complete
example</a> of limiting
access to pages and components using roles based authorization. It also contains
an <a href="http://wicket-library.com/wicket-examples/authentication">authentication
example</a>.</p>
<p>Click on the source links to see the related source code.</p>
<h2 id="installing">Installing</h2>
<p>Installing Wicket Auth/Roles can be done by adding a dependency to your
project’s Maven pom, or by putting the wicket-auth-roles.jar and the required
dependencies on your project’s classpath.</p>
<h3 id="using-maven">Using Maven</h3>
<p>Add the following dependency to your pom:</p>
<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt">&lt;dependency&gt;</span>
<span class="nt">&lt;groupId&gt;</span>org.apache.wicket<span class="nt">&lt;/groupId&gt;</span>
<span class="nt">&lt;artifactId&gt;</span>wicket-auth-roles<span class="nt">&lt;/artifactId&gt;</span>
<span class="nt">&lt;version&gt;</span>6.20.0<span class="nt">&lt;/version&gt;</span>
<span class="nt">&lt;/dependency&gt;</span></code></pre></div>
<h3 id="required-dependencies">Required dependencies</h3>
<p>Wicket Auth/Roles requires the following jar files to be on your classpath:</p>
<ul>
<li>Wicket</li>
<li>Wicket Auth/Roles</li>
</ul>
</div>
<div id="clearer"></div>
<div id="footer"><span>
Copyright &copy; 2015 &mdash; The Apache Software Foundation. Apache Wicket,
Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo
are trademarks of The Apache Software Foundation. All other marks mentioned
may be trademarks or registered trademarks of their respective owners.
</span></div>
</div>
</div>
</body>
</html>