Hello,

in a Microsoft Windows environment, I want to use IIS and ISAPI_REDIRECT2.DLL to access my JBoss server.

It's no problem to get redirection and authentication running. In a servlet, request.getUserPrincipal() works in the desired way.

But when I try to get Authorization running, nothing works. In the moment when I put security constraints onto my application, the Jboss-Realm which is planted into the tomcat throws NullPointerExceptions in "hasRole" method.

I would like to install a LoginModule or something like that to retrieve user role information from an external repository based on the userid. But when tomcat authentication is disabled (with webserver authentication to be used), no LoginModule is asked anymore.

What is the right way? Can anbyody help me??

Thank you!!

Regards,

Marcus.