The Connector 1.6 (and the current 1.7) javadoc for SecurityContext ( http://docs.oracle.com/javaee/6/api/index.html?javax/resource/spi/work/SecurityContext.html ) has the following erroneous non-null constraint for serviceSubject.
In the description of setupSecurityContext , we have the following erroneous line:
"The serviceSubject argument must be non-null and it must not be read-only."
In the spec, and in the same method's 'serviceSubject' parameter javadoc, we talk about serviceSubject being nullable. The correct statement must be
"The serviceSubject argument may be null, and when not null it must not be read-only."
 http://docs.oracle.com/javaee/6/api/javax/resource/spi/work/SecurityContext.html#setupSecurityContext(javax.security.auth.callback.CallbackHandler, javax.security.auth.Subject, javax.security.auth.Subject)