Have you tried putting a security-domain in your jboss.xml file?
The way I understand it, by placing this in the jboss.xml, you specify that the application is secured under the MyDomain domain. Then, in your auth.conf file on the server, create a section called "MyDomain" like this:
... your security setup ...
Each bean in the jboss.xml file will then be authenticated with the login modules in the MyDomain configuration.
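A consistency check for the setup described above, as an added example that is not part of the original post: it reads the security-domain from jboss.xml and confirms that auth.conf has a section of the same name. Both sample files, the `java:/jaas/` prefix on the domain value, the bean name and the function names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample jboss.xml. The java:/jaas/ prefix is an assumption;
# the post does not show the element's value.
JBOSS_XML = """<jboss>
  <security-domain>java:/jaas/MyDomain</security-domain>
  <enterprise-beans>
    <session><ejb-name>AccountBean</ejb-name></session>
  </enterprise-beans>
</jboss>"""

# Constructed sample auth.conf in JAAS configuration syntax.
AUTH_CONF = """
// server-side login configuration (sample)
other {
    org.jboss.security.auth.spi.UsersRolesLoginModule required;
};
MyDomain {
    org.jboss.security.auth.spi.UsersRolesLoginModule required;
};
"""

def declared_domains(jboss_xml):
    """Domain names referenced by security-domain elements, JNDI prefix removed."""
    root = ET.fromstring(jboss_xml)
    names = []
    for el in root.iter("security-domain"):
        value = (el.text or "").strip()
        if value:
            names.append(value.rsplit("/", 1)[-1])
    return names

def configured_domains(auth_conf):
    """Section names defined in auth.conf, ignoring commented-out sections."""
    text = re.sub(r"/\*.*?\*/", "", auth_conf, flags=re.S)  # block comments
    text = re.sub(r"//[^\n]*", "", text)                     # line comments
    return set(re.findall(r'^\s*"?([\w.\-]+)"?\s*\{', text, flags=re.M))

def missing_domains(jboss_xml, auth_conf):
    """Domains the application declares that have no auth.conf section."""
    configured = configured_domains(auth_conf)
    return [d for d in declared_domains(jboss_xml) if d not in configured]

if __name__ == "__main__":
    print("missing:", missing_domains(JBOSS_XML, AUTH_CONF))
```

A non-empty result means the application names a domain for which the server has no login modules configured, which is worth catching before deployment.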