There are 2 issues that I can see implementing it in this manner.
1. SASL doesn't use a standard set of credentials, it uses a challenge/response mechanism. So I guess that the credential Object would have to be some kind of interface allowing a callback. Not impossible, but requires a messy cast, and how this interacts with a JAAS LoginContext/CallbackHandler is not clear to me.
2. The Java SASL implementation requires that you pass the user's expected password into the SASL engine during the authentication process. This means I need to call the protected getUsersPassword() method from the UsernamePasswordLoginModule. The only way to access this method (in a non-evil manner) is to make the functionality part of that class hierarchy.
Mike.
I brought this issue up with Scott during our last discussion and he concurred with my assessment of SASL doing JAAS and not the other way.