ztemplates supports declarative security with annotations.
To enable security, place a @ZSecure("requiredrole") annotation near the @ZMatch annotation on the action-pojo.
ztemplates will prevent the action from being executed if the user is not in the required role by throwing a ZSecurityException. You can handle this exception in your ZIExceptionService implementation.
If you use the ZIUrlFactory from the ServletService ztemplates will generate a secure url to a action-pojo annotated with @ZSecure. You should declare the security requirements for those urls in the web.xml. The secure url is created by the ZISecurityProvider that is provided by the ZISecurityService. The default implementation simply prepends '/secure' to the url. You can specify your own implementation of ZISecurityService like described in Services.