Hi David, I'm afraid you will have to look deeper in the Keycloac APIs to see how to set the principal yourself (after a successful login) and how to look it up later in the authorization strategy, in case you don't keep a reference to it in your Session.
Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, Apr 22, 2016 at 5:14 PM, David Beer <david.m.b...@gmail.com> wrote: > Hi Martin > > This what I am thinking that I need a similar Authorisation plugging to > shiro, my problem is that the security process is set-up in the web.xml > file, then the auth method is declare as Keycloak. Which redirects to the > provided server and provides a user principal back. Would I still need to > create a filter for the authorization process. > > Thanks > > David > On 22 Apr 2016 9:57 a.m., "Martin Grigorov" <mgrigo...@apache.org> wrote: > > Hi, > > I don't know how Keycloak works but from my experience with Spring Security > and Apache Shiro you have to create an AuthorizationStrategy that reads > from somewhere (e.g. the Wicket Session or some Subject holder) the logged > in User and then compares its roles with the one set in @AuthorizeAction on > the Wicket component. > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Fri, Apr 22, 2016 at 12:34 AM, David Beer <david.m.b...@gmail.com> > wrote: > > > Hi All > > > > I am looking at how to integrate JBoss Keycloak with wicket 7. I am not > > quite sure where to start the configuration the example given is where > the > > jsp pages are secured by configuration in the web.xml file. Wicket is a > > little different in that you need to create a Authorization Strategy. I > am > > not sure how to secure the pages I want to. > > > > Has anybody tried integrating wicket with keycloak before or even > > picketlink. > > > > Thanks > > > > David > > >
