Did you define anything custom? A custom realm, for example?
This error usually arises in the SecurityAssociationValve when it tries to cast the principal object that comes from the session to a JBossGenericPrincipal object. Look at the source code for the SecurityAssociationValve invoke method. It will look for a principal object and attempt to perform an explicit cast on it. This means that the principal object created by the realm class (for example JBossSecurityMgrRealm) in the getCachedPrincipal method has to be of type JBossGenericPrincipal. If you did a custom realm or something with principals, it might be related to that. The JBossGenericPrincipal holds many objects that are available in the authenticate method and after the isValid method was invoked (all the LoginModules have been invoked). If you use custom principals, they would be wrapped inside the JBossGenericPrincipal as the CallerPrincipal, and it is these principals that will get set into your context before EJB invocation.
Hope this helps.
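The cast failure described in the reply above, as an added example that is not part of the original post and is not JBoss code. `GenericPrincipalStandIn`, `CustomPrincipal` and `valveInvoke` are hypothetical stand-ins for JBossGenericPrincipal, an application principal and the valve's invoke step; they assume nothing about the real class signatures.

```java
import java.security.Principal;
import java.util.Arrays;

// Stand-ins written for this example; they are NOT the JBoss classes.
public class PrincipalCastDemo {
    // Plays the role of JBossGenericPrincipal: the container-level principal
    // that carries the application's own principal as the caller principal.
    static final class GenericPrincipalStandIn implements Principal {
        private final Principal callerPrincipal;
        private final String[] roles;
        GenericPrincipalStandIn(Principal callerPrincipal, String... roles) {
            this.callerPrincipal = callerPrincipal;
            this.roles = roles.clone();
        }
        @Override public String getName() { return callerPrincipal.getName(); }
        Principal getCallerPrincipal() { return callerPrincipal; }
        boolean hasRole(String role) { return Arrays.asList(roles).contains(role); }
    }

    // A custom application principal, as a custom realm or login module might create.
    static final class CustomPrincipal implements Principal {
        private final String name;
        CustomPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Plays the role of the valve's invoke step: an explicit, unchecked cast
    // of whatever principal object was cached in the session.
    static String valveInvoke(Object cachedPrincipal) {
        GenericPrincipalStandIn gp = (GenericPrincipalStandIn) cachedPrincipal;
        return gp.getCallerPrincipal().getName();
    }

    public static void main(String[] args) {
        Principal custom = new CustomPrincipal("alice"); // constructed sample user
        try {
            valveInvoke(custom); // realm cached the bare custom principal
        } catch (ClassCastException e) {
            System.out.println("bare custom principal: " + e.getClass().getSimpleName());
        }
        // Realm wrapped the custom principal as the caller principal instead.
        Object wrapped = new GenericPrincipalStandIn(custom, "user");
        System.out.println("wrapped principal, caller = " + valveInvoke(wrapped));
    }
}
```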