How can one put an authorization check inside the JBoss server? I.E. (pseudo-code)

Subject.doAs( JaasSecurityManager.getActiveSubject(),
new PrivilegedAction() {
public Object run() {
SecurityManager.checkPermission(
new Permission(...) );
} } );

Additionally, How can I create my policies and incorporate them into JBoss? I.E. a DB-persisted policy?

When I extend javax.security.auth.Policy and use either:

javax.security.auth.Policy.setPolicy(MyPolicy)

set

auth.policy.provider=MyPolicy

My permission checks do not work...