diff --git jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableTypeException.java jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableTypeException.java
new file mode 100644
index 0000000..3a963ed
--- /dev/null
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/AuthorizableTypeException.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api.security.user;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * The {@code AuthorizableTypeException} signals an {@link Authorizable} type mismatch.
+ */
+public class AuthorizableTypeException extends RepositoryException {
+
+    /**
+     * Serial version UID.
+     */
+    private static final long serialVersionUID = -7630050662371536149L;
+
+    public AuthorizableTypeException(String msg) {
+        super(msg);
+    }
+
+}
diff --git jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
index e2e7157..b2c0752 100644
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
@@ -23,6 +23,8 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.UnsupportedRepositoryOperationException;
 
+import aQute.bnd.annotation.ProviderType;
+
 /**
  * The <code>UserManager</code> provides access to and means to maintain
  * {@link Authorizable authorizable objects} i.e. {@link User users} and
@@ -37,6 +39,7 @@ import javax.jcr.UnsupportedRepositoryOperationException;
  * {@link Session#save()} operation; callers should be prepared to repeat them
  * in case this happens.
  */
+@ProviderType
 public interface UserManager {
 
     /**
@@ -68,6 +71,18 @@ public interface UserManager {
     Authorizable getAuthorizable(String id) throws RepositoryException;
 
     /**
+     * Get the Authorizable of a specific type by its id.
+     *
+     * @param id the user or group id.
+     * @param authorizableClass the class of the type of Authorizable required; must not be <code>null</code>.
+     * @param <T> the required Authorizable type.
+     * @return Authorizable or <code>null</code>, if not present.
+     * @throws AuthorizableTypeException If an authorizable exists but is not of the requested type.
+     * @throws RepositoryException If an error occurs
+     */
+    <T extends Authorizable> T getAuthorizable(String id, Class<T> authorizableClass) throws AuthorizableTypeException, RepositoryException;
+
+    /**
      * Get the Authorizable by its Principal.
      *
      * @param principal The principal of the authorizable to retrieve.
diff --git jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/package-info.java jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/package-info.java
index 7dfcdf8..21316bf 100644
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/package-info.java
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/package-info.java
@@ -18,5 +18,5 @@
 /**
  * Jackrabbit extensions for user management.
  */
-@aQute.bnd.annotation.Version("2.3.2")
+@aQute.bnd.annotation.Version("2.4.0")
 package org.apache.jackrabbit.api.security.user;
diff --git jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
index 7a0a656..d43a951 100644
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.core.security.user;
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
+import org.apache.jackrabbit.api.security.user.AuthorizableTypeException;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.Query;
 import org.apache.jackrabbit.api.security.user.User;
@@ -451,6 +452,13 @@ public class UserManagerImpl extends ProtectedItemModifier
     }
 
     /**
+     * @see UserManager#getAuthorizable(String, Class)
+     */
+    public <T extends Authorizable> T getAuthorizable(String id, Class<T> authorizableClass) throws AuthorizableTypeException, RepositoryException {
+        return castAuthorizableByType(getAuthorizable(id), authorizableClass);
+    }
+
+    /**
      * @see UserManager#getAuthorizable(Principal)
      */
     public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
@@ -911,6 +919,14 @@ public class UserManagerImpl extends ProtectedItemModifier
         return getAuthorizable(n);
     }
 
+    private <T extends Authorizable> T castAuthorizableByType(Authorizable authorizable, Class<T> authorizableClass) throws AuthorizableTypeException {
+        try {
+            return authorizableClass.cast(authorizable);
+        } catch (ClassCastException e) {
+            throw new AuthorizableTypeException("Invalid authorizable type '" + authorizable.getClass() + "'");
+        }
+    }
+
     private Value getValue(String strValue) {
         return session.getValueFactory().createValue(strValue);
     }
diff --git jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerTest.java jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerTest.java
index fdc5446..8d8ca89 100644
--- jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerTest.java
+++ jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerTest.java
@@ -70,4 +70,36 @@ public class UserManagerTest extends AbstractUserTest {
             throw new NotExecutableException();
         }
     }
+
+
+    public void testGetAuthorizableByIdAndType() throws NotExecutableException, RepositoryException {
+        for (Principal principal : getPrincipalSetFromSession(superuser)) {
+            Principal p = principal;
+            Authorizable auth = userMgr.getAuthorizable(p);
+            if (auth != null) {
+                Authorizable authByID = userMgr.getAuthorizable(auth.getID(), auth.getClass());
+                assertEquals("Equal ID expected", auth.getID(), authByID.getID());
+            }
+        }
+    }
+
+    public void testGetAuthorizableByIdAndWrongType() throws NotExecutableException, RepositoryException {
+        for (Principal principal : getPrincipalSetFromSession(superuser)) {
+            Principal p = principal;
+            Authorizable auth = userMgr.getAuthorizable(p);
+            if (auth != null) {
+                Class<? extends Authorizable> otherType = auth.isGroup() ? User.class : Group.class;
+                try {
+                    userMgr.getAuthorizable(auth.getID(), otherType);
+                    fail("Wrong Authorizable type is not detected.");
+                } catch (AuthorizableTypeException ignore) {
+                }
+            }
+        }
+    }
+
+    public void testGetNonExistingAuthorizableByIdAndType() throws NotExecutableException, RepositoryException {
+        Authorizable auth = userMgr.getAuthorizable("nonExistingAuthorizable", User.class);
+        assertNull(auth);
+    }
 }
\ No newline at end of file
diff --git jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
index 651cb3d..51894e2 100644
--- jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
+++ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
@@ -21,6 +21,7 @@ import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
+import org.apache.jackrabbit.api.security.user.AuthorizableTypeException;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.Query;
@@ -1593,6 +1594,10 @@ public class UserImporterTest extends AbstractJCRTest {
                     return null;
                 }
 
+                public <T extends Authorizable> T getAuthorizable(String id, Class<T> authorizableClass) throws AuthorizableTypeException, RepositoryException {
+                    return null;
+                }
+
                 public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
                     return null;
                 }