How about using javax.security.auth.spi.LoginModule this should make it possible to be used in any server its the interface implemented by JBoss AbstractServerLoginModule.
Its not possible as the way JAAS is used to perform authentication/authorization is not defined by the J2EE specs. J2EE 1.4 introduces a new authorization contract, but still does not define how authentication using JAAS is performed.
just write different implementations of LoginModule for each container, e.g. JBossLoginModule, TomcatLoginModule, WebsphereLoginModule.
Extract your login code into a seperate shared utils class.
It makes no difference, since you have to configure each container's login setup with container-specific xml files anyway.
Obviously it will be nice when there's a J2EE spec for it though.