https://issues.apache.org/jira/browse/CXF-7815 changed to use reflection to access Group's member for java.security.acl APIs removal in JDK 13.
This change caused regression with elytron usage scenarios (
JBWS-4180) against EAP 7.2.0.GA.
Now the SimpleGroup which created to store the roles from Elytron securityIdentity is a private static class: https://github.com/wildfly/wildfly/blob/18.0.0.Final/webservices/server-integration/src/main/java/org/jboss/as/webservices/util/SubjectUtil.java#L185
It should be change to put it in a public class for CXF or other integration layer to easily access.