It will conflict with the RMI/HTTP propagation of the caller identity. If your not using that feature it should be fine. We should externalize this via a security service configuration since this is a jvm global setting (unfortunately).
Can you suggest a way to deal with this problem so that it does not effect the default JBoss implementation?
RMI/HTTP is not the default transport so overriding the authentictor does not impact anything by default.