Hi Martin This what I am thinking that I need a similar Authorisation plugging to shiro, my problem is that the security process is set-up in the web.xml file, then the auth method is declare as Keycloak. Which redirects to the provided server and provides a user principal back. Would I still need to create a filter for the authorization process.
Thanks David On 22 Apr 2016 9:57 a.m., "Martin Grigorov" <mgrigo...@apache.org> wrote: Hi, I don't know how Keycloak works but from my experience with Spring Security and Apache Shiro you have to create an AuthorizationStrategy that reads from somewhere (e.g. the Wicket Session or some Subject holder) the logged in User and then compares its roles with the one set in @AuthorizeAction on the Wicket component. Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, Apr 22, 2016 at 12:34 AM, David Beer <david.m.b...@gmail.com> wrote: > Hi All > > I am looking at how to integrate JBoss Keycloak with wicket 7. I am not > quite sure where to start the configuration the example given is where the > jsp pages are secured by configuration in the web.xml file. Wicket is a > little different in that you need to create a Authorization Strategy. I am > not sure how to secure the pages I want to. > > Has anybody tried integrating wicket with keycloak before or even > picketlink. > > Thanks > > David >