For web based security, the Java EE standardized JASPIC authentication modules can be put within an application. JBoss/WildFly supports these rather well.
Thanks. Even found your blog post about it: Arjan Tijms' Weblog: Implementing container authentication in Java EE with JASPIC
Have to admit that I had never heard of this specification before. Still trying to wrap around on how it relates to JAAS (which is a nightmare to understand, implement custom modules, deploy and so on).
Gonna look into it