SRX

Ii it possible to build a guest vlan with captive portal without the combination of junos enforcer and infranet-controller only with one SRX220? Check rights against another radius-server?

The SRX supports what is refered to as "firewall authentication" which will meet this need. 

Thanx for suggestion, it very helpful. I've tried this and it would work. But I have two security-problems. The firewall-authority check only works with http and not with https (bad idea for W-LAN?) and the SRX-web-managment-website is available from this Guest-Vlan (Brute-force-attack available?).

Do you have any ideas or am I wrong?

Well best practice on configuring web-auth is to use a secondary IP address for the web-auth address. Place a second address on the specific IF with "web-authentication http" appended to it and append the primary address the "preferred" option.

As for the issue of http versus https for authentication - I am guessing your concern is about transmitting your traffic in cleartext. That is a valid concern of course and I don't have an answer for you.