--- ./blocks/cocoon-auth/cocoon-auth-api/src/main/java/org/apache/cocoon/auth/ApplicationUtil.java.orig	2008-09-09 12:07:53.000000000 +0200
+++ ./blocks/cocoon-auth/cocoon-auth-api/src/main/java/org/apache/cocoon/auth/ApplicationUtil.java	2008-09-09 12:16:17.000000000 +0200
@@ -76,7 +76,12 @@
      * @return This returns true, if the user has the role; otherwise false is returned.
      */
     public static boolean isUserInRole(final User user, final String role, final Map objectModel) {
-        boolean result = user.isUserInRole(role);
+        boolean result = false;
+        
+        if (user != null) {
+            result = user.isUserInRole(role);
+        }
+        
         if ( !result ) {
             final Request req = ObjectModelHelper.getRequest(objectModel);
             result = req.isUserInRole(role);