diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
index a2bac8c..23c1177 100644
--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
@@ -37,7 +37,7 @@
package br.gov.frameworkdemoiselle.security;
/**
- * Thrown when the authentication process fails.
+ * Thrown when the mecanism responsible for the entire authentication lifecycle fails.
*
* @author SERPRO
*/
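Review bot: The new summary line misspells "mechanism" and is vaguer than the sentence it replaces, without saying what changed about the class's role. Elsewhere in this patch InvalidCredentialsException and NotLoggedInException both extend AuthenticationException, so the Javadoc could state that directly, e.g. `* Base type for failures of the authentication mechanism, such as invalid credentials or no logged-in user.` The class body is outside the hunk.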
diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java
new file mode 100644
index 0000000..47f8f9f
--- /dev/null
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java
@@ -0,0 +1,18 @@
+package br.gov.frameworkdemoiselle.security;
+
+/**
+ * Thrown when the user's credentials are invalid.
+ *
+ * @author SERPRO
+ */
+public class InvalidCredentialsException extends AuthenticationException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Constructs an InvalidCredentialsException
with a message.
+ */
+ public InvalidCredentialsException(String message) {
+ super(message);
+ }
+}
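Review bot: InvalidCredentialsException takes a free-form message, and nothing in its Javadoc says how much detail that message may carry. If the message is ever shown in the login response, wording that distinguishes an unknown user from a wrong password lets a caller work out which accounts exist, so the class comment should ask for a generic message, e.g. `* The message should not reveal which part of the credentials was rejected.` The constructor comment would also read better as `Constructs an InvalidCredentialsException with the given detail message.` with an `@param message` tag.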
diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java
index cda6c3c..570466f 100644
--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java
@@ -41,12 +41,12 @@ package br.gov.frameworkdemoiselle.security;
*
* @author SERPRO
*/
-public class NotLoggedInException extends SecurityException {
+public class NotLoggedInException extends AuthenticationException {
private static final long serialVersionUID = 1L;
-
+
/**
- * Constructs an NotLoggedInException
with no detail message.
+ * Constructs an NotLoggedInException
with a message.
*/
public NotLoggedInException(String message) {
super(message);
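Review bot: Reparenting NotLoggedInException under AuthenticationException changes which handlers catch it: an existing `catch (AuthenticationException e)` written for a failed login will now also receive the "no user logged in" errors that SecurityContext still documents on its permission and role checks. Handlers that need to tell the two apart must catch NotLoggedInException first, and the class Javadoc should say so. The constructor comment keeps its grammar slip; `Constructs a NotLoggedInException with the given detail message.` would fix it. The constructor's closing lines are outside the hunk.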
diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
index a34bd52..8f46dcc 100644
--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
@@ -50,14 +50,17 @@ public interface SecurityContext extends Serializable {
*
* @throws AuthenticationException
* When the logon process fails, this exception is thrown.
+ * @throws InvalidCredentialsException
+ * When the user's credentials coudn't be validated. InvalidCredentialsException is a special case of
+ * AuthenticationException.
*/
void login();
/**
* Executes the logout of a user.
*
- * @throws NotLoggedInException
- * if there is no user logged in a specific session
+ * @throws AuthenticationException
+ * When the logout process fails, this exception is thrown.
*/
void logout();
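Review bot: The logout() Javadoc no longer says what happens when nobody is logged in, because the removed `@throws NotLoggedInException` was the only place that stated it. NotLoggedInException is now an AuthenticationException, so the broader tag still covers it, but callers lose the specific condition. Keep both tags, e.g. `@throws NotLoggedInException if there is no user logged in (a special case of AuthenticationException)`. In the login() tag, `coudn't` should be `couldn't`.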
@@ -82,7 +85,8 @@ public interface SecurityContext extends Serializable {
* @param operation
* operation to be checked
* @return {@code true} if the user has the permission
- *
+ * @throws AuthorizationException
+ * When the permission checking fails, this exception is thrown.
* @throws NotLoggedInException
* if there is no user logged in a specific session.
*/
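Review bot: The added `@throws AuthorizationException` tag does not say whether a denied check is reported by returning `false` or by throwing; "When the permission checking fails" can be read either way next to the existing `@return`. Callers of an access-control method need that stated so that a denial is not mistaken for an infrastructure error, or the other way round. If the intended contract is that a denial returns `false`, wording such as `When the check itself cannot be carried out; a user lacking the permission yields {@code false}` would settle it. The same sentence is repeated in the next hunk for the role check, where it should say "role" rather than "permission". The method signature is outside the hunk.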
@@ -94,7 +98,8 @@ public interface SecurityContext extends Serializable {
* @param role
* role to be checked
* @return {@code true} if the user has the role
- *
+ * @throws AuthorizationException
+ * When the permission checking fails, this exception is thrown.
* @throws NotLoggedInException
* if there is no user logged in a specific session.
*/
@@ -103,7 +108,8 @@ public interface SecurityContext extends Serializable {
/**
* Return the user logged in the session.
*
- * @return the user logged in a specific session. If there is no active session returns {@code null}
+ * @return the user logged in a specific authenticated session. If there is no active session {@code null} is
+ * returned.
*/
User getUser();
diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
index 4e356b1..bcb4ab9 100644
--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
@@ -54,7 +54,7 @@ public class SecurityException extends DemoiselleException {
* @param message
* the detail message.
*/
- public SecurityException(String message) {
+ SecurityException(String message) {
super(message);
}
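Review bot: Dropping `public` from all three constructors (this hunk and the two that follow) leaves SecurityException a public class that code outside `br.gov.frameworkdemoiselle.security` can neither instantiate nor subclass. That is a source- and binary-incompatible change for any application that did either, and the unchanged constructor Javadoc gives no hint of it. If the aim is to seal the hierarchy to this package, say so in the class Javadoc. If the aim is only to stop direct instantiation, declaring the class `abstract` with `protected` constructors expresses that without relying on package visibility.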
@@ -64,7 +64,7 @@ public class SecurityException extends DemoiselleException {
* @param cause
* exception cause
*/
- public SecurityException(Throwable cause) {
+ SecurityException(Throwable cause) {
super(cause);
}
@@ -76,7 +76,7 @@ public class SecurityException extends DemoiselleException {
* @param cause
* exception cause
*/
- public SecurityException(String message, Throwable cause) {
+ SecurityException(String message, Throwable cause) {
super(message, cause);
}
}
diff --git a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
index ce8cf85..aea5cb2 100644
--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -58,7 +58,7 @@ public class ServletAuthenticator implements Authenticator {
@Override
public void authenticate() throws AuthenticationException {
try {
- if (this.getUser() == null) {
+ if (getRequest().getUserPrincipal() == null) {
getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
}
} catch (ServletException cause) {
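Review bot: When the request already has a user principal, authenticate() returns without looking at the supplied credentials, so a call made with a different username or a wrong password on an already authenticated request completes as if it had succeeded. The hunk only swaps `this.getUser()` for `getRequest().getUserPrincipal()` and keeps that behaviour. If it is intended, say so in a comment; otherwise compare the principal's name with `getCredentials().getUsername()` and fail on a mismatch. The catch block continues outside the hunk, so whether a rejected login is mapped to the new InvalidCredentialsException cannot be seen here.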
@@ -77,9 +77,36 @@ public class ServletAuthenticator implements Authenticator {
getRequest().getSession().invalidate();
}
+ // TODO Criar uma delegação especializada de User ao invés de retornar
+ // uma inner class
@Override
- public Principal getUser() {
- return getRequest().getUserPrincipal();
+ public User getUser() {
+ final Principal principal = getRequest().getUserPrincipal();
+
+ User user = null;
+
+ if (principal!=null) {
+ user = new User() {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public String getId() {
+ return principal.getName();
+ }
+
+ @Override
+ public void setAttribute(Object key, Object value) {
+ }
+
+ @Override
+ public Object getAttribute(Object key) {
+ return null;
+ }
+ };
+ }
+
+ return user;
}
protected Credentials getCredentials() {
--
libgit2 0.21.2