I'm not sure we can change all places that cast the Principal to JGP because some of them use the specific methods of the JGP (like getSubject() and getAuthPrincipal) to set the principal info on the SecurityAssociationActions. My first impression is that it is reasonable to require users to extend JGP instead of GenericPrincipal when they are looking for customization. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4100438#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...