I still have two or three questions:
1 - How do I use the ACC to use a JBoss SX security domain for authentication and authorization?
1.1 - If it is doable, can I use my own LoginModule (or at least a CallBackHandler) to customize the appearance of the login window?
You can use simple JAAS authentication with your own login module on the client side. See Q10 (and the code related to jaas login using SecurityClient) here http://community.jboss.org/wiki/SecurityFAQ
2 - What about getting a datasource from the server via JNDI? Is it possible just by injecting the Datasource reference (as a @Resource)?
By default a datasource on a JBoss server is not remotely available. And it's not recommended to use it remotely. Any reason why you want the server side datasource on the client?
3 - The above link also talks about client-side logging. From what I understood, the server side log includes the EJB logging only. Any ideas on how I could direct log messages generated by the ACC to a server-side appender (and thus seeing the client's log in, say, server.log)?
You wouldn't want to do that In a real world scenario, clients do not have access to server side log. So redirecting the client side logs to server side isn't a good thing - the clients will end up having no logs to look at. Whether it's possible to redirect the logs is a different matter (i guess using some log4j specific appender, it might be possible).