By default, <Wicket Objects> is configured to use Naked Objects' default authentication and authorization. This are both file-based, with a simple passwords file to define users, and a similar file to define authorization. Naked Objects does though provide an implementation for both that use LDAP. This is discussed in the Naked Objects documentation and in the DDDuNO book. Alternatively, you could always write your own implementations to hook into your own security infrastructure.