diff --git a/connector/src/main/java/org/jboss/as/connector/services/resourceadapters/deployment/AbstractResourceAdapterDeploymentService.java b/connector/src/main/java/org/jboss/as/connector/services/resourceadapters/deployment/AbstractResourceAdapterDeploymentService.java
index 3b01b9beb8e5..f18c8040240b 100644
--- a/connector/src/main/java/org/jboss/as/connector/services/resourceadapters/deployment/AbstractResourceAdapterDeploymentService.java
+++ b/connector/src/main/java/org/jboss/as/connector/services/resourceadapters/deployment/AbstractResourceAdapterDeploymentService.java
@@ -43,7 +43,6 @@
 import java.util.concurrent.ThreadFactory;
 
 import org.jboss.as.connector.logging.ConnectorLogger;
-import org.jboss.as.connector.metadata.api.common.SecurityMetadata;
 import org.jboss.as.connector.metadata.api.resourceadapter.WorkManagerSecurity;
 import org.jboss.as.connector.metadata.deployment.ResourceAdapterDeployment;
 import org.jboss.as.connector.security.CallbackImpl;
@@ -65,6 +64,7 @@
 import org.jboss.as.naming.WritableServiceBasedNamingStore;
 import org.jboss.as.naming.deployment.ContextNames;
 import org.jboss.as.naming.service.BinderService;
+import org.jboss.jca.common.api.metadata.common.SecurityMetadata;
 import org.jboss.jca.common.api.metadata.resourceadapter.Activation;
 import org.jboss.jca.common.api.metadata.spec.ConfigProperty;
 import org.jboss.jca.common.api.metadata.spec.Connector;
@@ -618,12 +618,12 @@ protected String registerResourceAdapterToResourceAdapterRepository(ResourceAdap
 
         @Override
         protected org.jboss.jca.core.spi.security.SubjectFactory getSubjectFactory(
-                org.jboss.jca.common.api.metadata.common.SecurityMetadata securityMetadata, final String jndiName) throws DeployException {
+                SecurityMetadata securityMetadata, final String jndiName) throws DeployException {
             if (securityMetadata == null)
                 return null;
-            assert securityMetadata instanceof SecurityMetadata;
             final String securityDomain = securityMetadata.resolveSecurityDomain();
-            if (((SecurityMetadata)securityMetadata).isElytronEnabled()) {
+            if (securityMetadata instanceof org.jboss.as.connector.metadata.api.common.SecurityMetadata &&
+                    ((org.jboss.as.connector.metadata.api.common.SecurityMetadata)securityMetadata).isElytronEnabled()) {
                 try {
                     return new ElytronSubjectFactory(null, new URI(jndiName));
                 } catch (URISyntaxException e) {
diff --git a/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/AbstractDataSourceService.java b/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/AbstractDataSourceService.java
index 8138c1312193..2c2483a45cb4 100644
--- a/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/AbstractDataSourceService.java
+++ b/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/AbstractDataSourceService.java
@@ -460,6 +460,7 @@ protected org.jboss.jca.core.spi.security.SubjectFactory getSubjectFactory(
                 org.jboss.jca.common.api.metadata.common.Credential credential, final String jndiName) throws DeployException {
             if (credential == null)
                 return null;
+            // safe assertion because all parsers create Credential
             assert credential instanceof Credential;
             final String securityDomain = credential.getSecurityDomain();
             if (((Credential) credential).isElytronEnabled()) {
diff --git a/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLDataSourceRuntimeHandler.java b/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLDataSourceRuntimeHandler.java
index 4a6e78c22662..c84ce77f7c0b 100644
--- a/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLDataSourceRuntimeHandler.java
+++ b/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLDataSourceRuntimeHandler.java
@@ -174,6 +174,8 @@ private void handleDatasourceAttribute(final String attributeName, final Operati
             if (dataSource.getSecurity() == null) {
                 return;
             }
+            // this is a safe assert because DsXmlParser will always create a wildfly DsSecurity metadata
+            assert dataSource.getSecurity() instanceof DsSecurity;
             if (((DsSecurity) dataSource.getSecurity()).isElytronEnabled()) {
                 return;
             }
@@ -182,6 +184,8 @@ private void handleDatasourceAttribute(final String attributeName, final Operati
             if (dataSource.getSecurity() == null) {
                 return;
             }
+            // this is a safe assert because DsXmlParser will always create a wildfly DsSecurity metadata
+            assert dataSource.getSecurity() instanceof DsSecurity;
             if (!((DsSecurity) dataSource.getSecurity()).isElytronEnabled()) {
                 return;
             }
@@ -190,6 +194,8 @@ private void handleDatasourceAttribute(final String attributeName, final Operati
             if (dataSource.getSecurity() == null) {
                 return;
             }
+            // this is a safe assert because DsXmlParser will always create a wildfly DsSecurity metadata
+            assert dataSource.getSecurity() instanceof DsSecurity;
             if (!((DsSecurity) dataSource.getSecurity()).isElytronEnabled()) {
                 return;
             }
diff --git a/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLXaDataSourceRuntimeHandler.java b/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLXaDataSourceRuntimeHandler.java
index 08929c272e9e..a2da7ef615b1 100644
--- a/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLXaDataSourceRuntimeHandler.java
+++ b/connector/src/main/java/org/jboss/as/connector/subsystems/datasources/XMLXaDataSourceRuntimeHandler.java
@@ -245,6 +245,8 @@ else if (attributeName.equals(Constants.INTERLEAVING.getName())) {
             if(dataSource.getRecovery().getCredential() == null) {
                 return;
             }
+            // safe assertion because all parsers create jboss Credential
+            assert dataSource.getRecovery().getCredential() instanceof Credential;
             if (((Credential) dataSource.getRecovery().getCredential()).isElytronEnabled()) {
                 return;
             }
@@ -257,6 +259,8 @@ else if (attributeName.equals(Constants.INTERLEAVING.getName())) {
             if(dataSource.getRecovery().getCredential() == null) {
                 return;
             }
+            // safe assertion because all parsers create jboss Credential
+            assert dataSource.getRecovery().getCredential() instanceof Credential;
             if (!((Credential) dataSource.getRecovery().getCredential()).isElytronEnabled()) {
                 return;
             }
@@ -270,6 +274,8 @@ else if (attributeName.equals(Constants.INTERLEAVING.getName())) {
             if(dataSource.getRecovery().getCredential() == null) {
                 return;
             }
+            // safe assertion because all parsers create jboss Credential
+            assert dataSource.getRecovery().getCredential() instanceof Credential;
             if (!((Credential) dataSource.getRecovery().getCredential()).isElytronEnabled()) {
                 return;
             }
@@ -407,6 +413,8 @@ else if (attributeName.equals(Constants.INTERLEAVING.getName())) {
             if (dataSource.getSecurity() == null) {
                 return;
             }
+            // this is a safe assert because DsXmlParser will always create a wildfly DsSecurity metadata
+            assert dataSource.getSecurity() instanceof DsSecurity;
             if (((DsSecurity) dataSource.getSecurity()).isElytronEnabled()) {
                 return;
             }
@@ -415,6 +423,8 @@ else if (attributeName.equals(Constants.INTERLEAVING.getName())) {
             if (dataSource.getSecurity() == null) {
                 return;
             }
+            // this is a safe assert because DsXmlParser will always create a wildfly DsSecurity metadata
+            assert dataSource.getSecurity() instanceof DsSecurity;
             if (!((DsSecurity) dataSource.getSecurity()).isElytronEnabled()) {
                 return;
             }
@@ -423,6 +433,8 @@ else if (attributeName.equals(Constants.INTERLEAVING.getName())) {
             if (dataSource.getSecurity() == null) {
                 return;
             }
+            // this is a safe assert because DsXmlParser will always create a wildfly DsSecurity metadata
+            assert dataSource.getSecurity() instanceof DsSecurity;
             if (!((DsSecurity) dataSource.getSecurity()).isElytronEnabled()) {
                 return;
             }
diff --git a/connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/IronJacamarResourceCreator.java b/connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/IronJacamarResourceCreator.java
index a6f899080a77..daa6ce02861c 100644
--- a/connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/IronJacamarResourceCreator.java
+++ b/connector/src/main/java/org/jboss/as/connector/subsystems/resourceadapters/IronJacamarResourceCreator.java
@@ -75,17 +75,17 @@
 
 import java.util.Map;
 
-import org.jboss.as.connector.metadata.api.common.Credential;
-import org.jboss.as.connector.metadata.api.common.Security;
 import org.jboss.as.connector.metadata.api.resourceadapter.WorkManagerSecurity;
 import org.jboss.as.connector.services.mdr.AS7MetadataRepository;
 import org.jboss.as.controller.PathElement;
 import org.jboss.as.controller.SimpleAttributeDefinition;
 import org.jboss.as.controller.registry.Resource;
 import org.jboss.dmr.ModelNode;
+import org.jboss.jca.common.api.metadata.common.Credential;
 import org.jboss.jca.common.api.metadata.common.Extension;
 import org.jboss.jca.common.api.metadata.common.Pool;
 import org.jboss.jca.common.api.metadata.common.Recovery;
+import org.jboss.jca.common.api.metadata.common.Security;
 import org.jboss.jca.common.api.metadata.common.TimeOut;
 import org.jboss.jca.common.api.metadata.common.Validation;
 import org.jboss.jca.common.api.metadata.common.XaPool;
@@ -212,11 +212,12 @@ private void addConnectionDefinition(final Resource parent, ConnectionDefinition
                 setAttribute(model, NOTXSEPARATEPOOL, xaPool.isNoTxSeparatePool());
             }
         }
-        final Security security = (Security) connDef.getSecurity();
+        final Security security = connDef.getSecurity();
         if (security != null) {
             setAttribute(model, APPLICATION, security.isApplication());
 
-            if (security.isElytronEnabled()) {
+            if (security instanceof org.jboss.as.connector.metadata.api.common.Security &&
+                    ((org.jboss.as.connector.metadata.api.common.Security) security).isElytronEnabled()) {
                 setAttribute(model, ELYTRON_ENABLED, true);
                 setAttribute(model, AUTHENTICATION_CONTEXT, security.getSecurityDomain());
                 setAttribute(model, AUTHENTICATION_CONTEXT_AND_APPLICATION, security.getSecurityDomainAndApplication());
@@ -259,10 +260,11 @@ private void addConnectionDefinition(final Resource parent, ConnectionDefinition
                     }
                 }
             }
-            final Credential recoveryCredential =  (Credential) recovery.getCredential();
+            final Credential recoveryCredential =  recovery.getCredential();
             if (recoveryCredential != null) {
                 setAttribute(model, RECOVERY_PASSWORD, recoveryCredential.getPassword());
-                if (recoveryCredential.isElytronEnabled()) {
+                if (recoveryCredential instanceof org.jboss.as.connector.metadata.api.common.Credential &&
+                        ((org.jboss.as.connector.metadata.api.common.Credential) recoveryCredential).isElytronEnabled()) {
                     setAttribute(model, RECOVERY_ELYTRON_ENABLED, true);
                     setAttribute(model, RECOVERY_AUTHENTICATION_CONTEXT, recoveryCredential.getSecurityDomain());
                 } else {