I’m trying to create a test application using spring and wicket (without spring boot). I’m unable to trigger any authentication redirect.

I have added a SecurityConfig class as specified by the manual, and it’s been picked up by Spring.

For example my configure method is called

 

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
   http.authorizeRequests().anyRequest().authenticated();

}

 

However whatever page I call it is returned without taking any security into account.

 

This is my web.xml

 

       <servlet>

             <servlet-name>wicket</servlet-name>

             <servlet-class>org.apache.wicket.protocol.http.WicketServlet</servlet-class>

             <init-param>

                    <param-name>applicationFactoryClassName</param-name>

                    <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>

             </init-param>

             <init-param>

                    <param-name>applicationBean</param-name>

                    <param-value>wicketApplication</param-value>

             </init-param>

             <load-on-startup>1</load-on-startup>

       </servlet>

 

    <servlet-mapping>

        <servlet-name>wicket</servlet-name>

        <url-pattern>/*</url-pattern>

    </servlet-mapping>

 

    <context-param>

        <param-name>contextConfigLocation</param-name>

        <param-value>/WEB-INF/applicationContext.xml</param-value>

    </context-param>

 

    <listener>

        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

    </listener>

 

The applicationContext does a component-scan.

Did I miss something that I need to add?