diff --git a/config.php.example b/config.php.example
index 9f5aa15..02408e6 100644
--- a/config.php.example
+++ b/config.php.example
@@ -6,7 +6,15 @@ $db_user = 'dbname';
 $db_pass = 'dbpassword';
 $db_name = 'dbuser';
 
-# Application language
+# Authentication
+# Users must have one of these entitlements in order to be able to
+# access the site. Users without any of the required entitlements
+# get redirected to their own loan listing page.
+$required_entitlements = array(
+    'urn:mace:swami.se:gmai:some-entitlement',
+);
+
+# Site language
 $language = 'en';
 
 # Site name
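Review bot: The comment above `$required_entitlements` does not say what an empty list means, and with the check as written in include/Responder.php an empty array authorizes nobody. I would add a line such as `# An empty list denies access to every user; values are matched exactly against the ';'-separated entitlement attribute.` so an operator does not lock the site by clearing the list. The comment also says users "get redirected", while index.php renders the public page under the requested URL rather than redirecting, so "are shown" would be more accurate.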
diff --git a/include/PublicPage.php b/include/PublicPage.php
index 92cd4d4..46c9673 100644
--- a/include/PublicPage.php
+++ b/include/PublicPage.php
@@ -14,6 +14,9 @@ class PublicPage extends Page {
 
         // The public page should not display a menu
         $this->menuitems = array();
+
+        // This page should not require any special entitlements
+        $this->authorized = true;
     }
 
     protected function render_body() {
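Review bot: `$this->authorized = true;` is the one place where the entitlement check is bypassed, and it only holds if it runs after the parent constructor, which resets the flag to `false`. The start of this constructor is outside the hunk, so that ordering cannot be confirmed from here. I would extend the comment to state the dependency and the reason the bypass is safe, for example `// Must follow parent::__construct(), which resets the flag; this page only shows the signed-in user's own data`, assuming that is indeed what render_body displays.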
diff --git a/include/Responder.php b/include/Responder.php
index dbc15a0..bbc9104 100644
--- a/include/Responder.php
+++ b/include/Responder.php
@@ -4,11 +4,29 @@ abstract class Responder {
     protected $ldap = null;
 
     public function __construct() {
-        global $language;
+        global $language, $required_entitlements;
+
+        $this->authorized = false;
+        $entitlements = explode(';', $_SERVER['entitlement']);
+        foreach($entitlements as $entitlement) {
+            if(in_array($entitlement, $required_entitlements)) {
+                $this->authorized = true;
+            }
+        }
+
         $this->fragments = get_fragments("./html/$language/fragments.html");
         $this->ldap = new Ldap();
     }
 
+    public function respond() {
+        if(!$this->authorized) {
+            die("Unauthorized.");
+        }
+        return $this->render();
+    }
+
+    abstract public function render();
+
     final protected function escape_tags($tags) {
         foreach($tags as $key => $tag) {
             $tags[$key] = $this->escape_string(strtolower($tag));
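Review bot: The entitlement check in `__construct()` reads `$_SERVER['entitlement']` without confirming it is set and matches with loose `in_array`, so a missing attribute raises a notice, and on PHP 7 a non-string entry in `$required_entitlements` (such as `true` or `0`) would match entitlements it should not. Guarding the read, skipping empty segments and passing `true` as the third argument keeps the check failing closed, as sketched below. `$this->authorized` is not declared in the visible part of the class although index.php reads it from outside, so a declaration such as `public $authorized = false;` next to `$ldap` would document it and avoid a dynamic property. In `respond()`, `die("Unauthorized.")` answers with status 200; calling `http_response_code(403);` first lets logs and monitoring see the denial. The class body continues outside the hunk.

```php
        $this->authorized = false;
        // Fail closed when the attribute or the configured list is missing.
        $raw = isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : '';
        $required = is_array($required_entitlements) ? $required_entitlements : array();
        foreach(explode(';', $raw) as $entitlement) {
            if($entitlement !== '' && in_array($entitlement, $required, true)) {
                $this->authorized = true;
                break;
            }
        }
        // … unchanged: fragments and Ldap setup …
```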
diff --git a/include/functions.php b/include/functions.php
index 909f55e..49f2ce1 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -84,6 +84,7 @@ function replace($assoc_arr, $subject) {
 function make_page($page) {
     switch($page) {
         default:
+            die("Invalid page.");
         case 'checkout':
             return new CheckoutPage();
         case 'return':
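Review bot: `die("Invalid page.")` in the `default` arm rejects an unknown `page` value with status 200 and a bare string, so rejected requests look like normal ones in access logs; `http_response_code(404);` before the `die` would make them distinguishable. Keeping `default` as the first arm works only because `die` never returns, and a later edit that softens it would silently restore the fall-through into `CheckoutPage`, so I would move the arm to the end of the switch. make_page continues past the hunk, so whether a `'public'` case exists for the fallback in index.php cannot be confirmed from here.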
diff --git a/index.php b/index.php
index 052c6b9..b3a22e4 100755
--- a/index.php
+++ b/index.php
@@ -12,11 +12,15 @@ require('./include/functions.php');
 
 header('Content-Type: text/html; charset=UTF-8');
 
-$page = null;
+$page = 'checkout';
 if(isset($_GET['page'])) {
     $page = $_GET['page'];
 }
 
-make_page($page)->render();
+$page = make_page($page);
+if(!$page->authorized) {
+    $page = make_page('public');
+}
+$page->respond();
 
 ?>
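Review bot: The requested page object is built by `make_page($page)` before `$page->authorized` is consulted, so whatever the page constructors do (their bodies are not visible here) still runs for a user who lacks the entitlement; only the rendering is withheld. Deciding authorization before the page is constructed, for instance with a small function that evaluates the entitlement and returns a bool, would keep unentitled requests away from that code entirely. With the current flow the `die("Unauthorized.")` in `respond()` is not reached from this file, which is fine as a second line of defence but worth a comment such as `// respond() re-checks authorization; the swap to the public page happens here`.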