the default JBoss security mechanism should already dynamically load the roles of a user when she logs in. Take a look e.g. at the "DatabaseServerLoginModule": http://community.jboss.org/wiki/DatabaseServerLoginModule
There are a lot of other login modules available, and you can also create your own.
Hope that I understand your request ;-)
Thanks for your answer, but I need to use the JACC method to authorize the users, because the JAAS authorization method is not flexible as JACC. The JACC (http://java.sun.com/j2ee/javaacc/) uses another level of authority, so we can customize better our policies, forming groups of permissions.
I'm exploring the JBoss source code and looking a way to load it like the JAAS, as you describe. If you have another idea, please let me know.. ;-)