Is it possible in JBoss to configure your client application so that an explicit JAAS login is not required?

In fact what I really want to do is to delegate all security decisions to the target AppServer.

Ie create an InitialContext on the client that has the PROVIDER_URL specified, include the appropriate AppServer libraries in the classpath and have the AppServer invoke whatever authorization component is appropriate.

Something like what Kevin Boone shoes in chapter 16 of "Applied EJBs".

Because I need to support various AppServer flavours I really don't want AppServer specific config if at all possible.

So how to best do this for JBoss?