Your going to have to implement a Realm, and use a Valve to associate the callers identity, just as the JBossSecurityMgrRealm does. Valves are not specific to embedded tomcat. The only specific about the JBossSecurityMgrRealm to the embedded tomcat is how it looks up the security manager used for authentication and authorization.
I'm also in the need to have Tomcat running stand-alone. If you can give me a step by step guidance on how to do make a Realm like JBossSecurityMgrRealm. Please I need a detailed solution.