If you are using Tomcat 3.2 with JBoss from a separate VM then it is relatively easy to pass credentials to JBoss using the JbossRealm implementation, which is a Tomcat 3 interceptor:
However Tomcat still has to authenticate its users separately. This way your standard J2EE web constraints and so on will be applied as normal. In this case you don'd need any JAAS code.
With Catalina it is not so easy to do obtain the authentication information so that it can be passed to JBoss with each request (it may be discarded). I mentioned it to Scott before because the question was cropping up frequently and he suggested writing an implementation which
subclassed Tomcat's SingleSignon Valve. I believe this maintains a cache of the login credentials so the authentication information could be obtained from this and used as before.