I do not think that there is any standard J2EE way to do that.
The JAAS way will be something like that:

import java.security.AccessController;
import javax.security.auth.Subject;
....
Subject sub = Subject.getSubject (AccessController.getContext());

But this will work only if your servlet container is executing every request as JAAS priviledge actions (full support for JAAS authorization mechanism) as this is what will associate the subject with the access context.

There might be servlet container proprietary ways of doing, I am not sure.

I might also be missing something, but this is my current understanding of JAAS and its integration in J2EE environment.

Thomas