In IAS we used a class that was provided. This class was a security context class that in my guess wrapped the context they wrote for JAAS to authenticate. they used Login() which is in my guess an override to their JAAS configuration object.
So, I would think that JBOSS has an adapter class that we can use to simulate a login. I can't believe that others are not facing this issue ans many sites do provice membership accounte on their site.