Is there a possibility that the code that tries to obtain the Subject is called before the SecurityContext is even set for the first time after redeployment? If that happens, then the principals would not be obtained before the SecurityContext is set.
[Message sent by forum member 'nitkal' ]
http://forums.java.net/jive/thread.jspa?messageID=375331