I've been breaking my head over working around a JBoss Portal bug that prevents access to the dashboard if the Principal has a "." (dot). So, I can't use JBoss Portal if I logged in as "temp@company.com" or "first.last@company.com", etc.

To be able to workaround this, I need to avoid the addition of the UserPrincipal automatically. What do I need to do to achieve this, and is it even possible?

Does JBoss security code use AOP interceptors to do this?