public boolean commit() throws LoginException { // some validation code here Set<Principal> principals = subject.getPrincipals(); // ensure principals contains (CallerPrincipal and UserRoles) createRolesGroup(principals); return true; } private void createRolesGroup(Set<Principal> principals) { // Thee java.security.acl.Group implementation SecurityGroup rolesGroup = new SecurityGroup("Roles"); Iterator<Principal> iter = principals.iterator(); while(iter.hasNext()) { Object principal = iter.next(); if(!(principal instanceof Group)){ rolesGroup.addMember((Principal)principal); } principals.add(rolesGroup); }