I added a simple org.jboss.kernel.plugins.util.KernelLocator singleton that can be used to access the Kernel the KernelLocator is deployed to. When running under a security manager the KernelLocator.getKernel() caller will require a org.jboss.kernel.plugins.util.KernelLocatorPermission("kernel") permission.