I use the first way in my login module works fine. HttpServletRequest request = null; try { request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest"); } catch (PolicyContextException e) { e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates. throw new RuntimeException("PolicyContext.getContext(javax.servlet.http.HttpServletRequest) failed"); } String ip = request.getRemoteHost(); Map map = request.getParameterMap(); Host host = new Host(ip, hostKey);// TODO put registry key return host; View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166320#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...