Hi, I noticed that JBoss' JACCAuthorizationManager only passes the role principals (if any) into a JACC module, as per the following code: // create a protection domain with the user roles (or account principal if no roles are found) final Map<String, Set<String>> principalVersusRolesMap = deployment.getDeploymentInfo().getPrincipalVersusRolesMap(); final Principal[] principals = this.getPrincipals(account, principalVersusRolesMap); final CodeSource codeSource = servletInfo.getServletClass().getProtectionDomain().getCodeSource(); final ProtectionDomain protectionDomain = new ProtectionDomain(codeSource, null, null, principals); If there happen to be no roles, then and only then is the caller principal passed to the JACC module. I wonder if there was any specific idea here. The comment explicitly indicates this, so it doesn't just seem a bug. But this is quite, unusual, and also a bit confusing for a JACC module to work with. As far as I know, no other server does this (at least GF, Payara, Geronimo, JEUS and TomEE don't do this). You always see all the principals from the Subject being passed in. A JACC module can work around this by obtaining the subject directly using "PolicyContext.getContext("javax.security.auth.Subject.container")", but still wondering why JBoss doesn't just pass all principals here. Any insight would be appreciated. Kind regards, Arjan Tijms