Configuration for custom login module configured in login-config.xml: | <login-module code="core.rbac.jboss.LDAPCertificateLoginModule" flag="required"> | <module-option name="securityDomain">java:/jaas/CoreApplication</module-option> | <module-option name="principalClass">core.rbac.BasicPrincipal</module-option> | <module-option name="verifier">core.rbac.jboss.CertificateVerifier</module-option> | </login-module> | The custom login module is a subclass of BaseCertLoginModule that obtains user roles from LDAP. In the login module the identity is instance of BasicPrincipal. The user roles are propagated to the web application, for example, calling request.isUserInRole("someRole") correctly returns true or false based on user role assignment. However request.getUserPrincipal() returns an instance of SimplePrincipal and not BasicPrincipal. Please inform me if you need other code or configuration snapshots. Thanks, Bogdan View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961485#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...