Please find a first pass implementation of the JSR-196 specification in the main HEAD, as evidenced by the following JIRA issue:
http://jira.jboss.com/jira/browse/JBAS-2525
I will need to add some test deployments to verify the externalization of security to AuthModules......
http://jira.jboss.com/jira/browse/JBAS-2899
I have tested the customization of authenticators at the host level, which is quite sufficient. This feature will be part of standard 4.0.4
If any user needs this feature prior to 4.0.4, then you will need to create an extension of the catalina ContextConfig class and plug in a map of authenticators keyed in by the login-config names. Please refer to the JIRA issue for more information.