I got this idea from the FAQ that is listed in the sticky post at the top of this forum, and it worked for me. This idea presumes that the recommendation is followed to create a CallerPrincipal group in getRoleSets() and add your custom principal as a member of that group. | Principal callerPrincipal = null; | try { | Subject caller = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); | for (Principal p : caller.getPrincipals()) { | if (p.getName().equals("CallerPrincipal")) { | Group g = (Group)p; | callerPrincipal = g.members().nextElement(); | } | } | } catch (Exception e) { | log.error("Error accessing Subject", e); | } | Obviously the code could be enhanced to recognize whatever groups you might use or to check the Principal type instead of just assuming there is one principal in a specific group. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251329#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...