I am a new subscriber to the Wicket users list but have been using the
Wicket framework for about 3 years.
Recently I published an article documenting an approach my company uses
to secure Wicket applications. It uses a combination of Java EE
container security, Spring security and a few custom wicket components
(for controlling view of component by role and permission).
There is also a sample Wicket application using these controls on GIT Hub.
I plan on publishing another document later that goes beyond the simple
Jetty security provider by introducing policy enforcement mechanisms
more suitable for production.
Comments are welcome.