I successfully integrated the SPNEGO authentication module. In my application, I see that req.getUserPrincipal() returns the userid of the user logged into the Windows machine (e.g., jdoe@mycom.com).

How do I find out if this user belongs to a specific AD group? (note: I have the group name I'm looking for)

I'm accustom to using req.isUserInRole(aRole) but it appears I can put any value in here and it returns "false".

I tried integrating the Advanced LDAP Login Module (chained configuration) per the JBoss Negotiation users guide. The integration worked but still the same result - req.isUserInRole() returns false.

Is this the purpose of the Advanced LDAP Login Module or am I mis-interpreting why I would use it? Do I need to write my own JAAS module?

Thanks!