I would like to add an option in my Swing app that allows users to change their own password. However, for me to implement this means that I would have to know that it's implemented using the DatabaseLoginModule. This seems counter to what JAAS is doing by having that kind of knowledge outside of the app. So, what's a good way of doing this?
And, if that does happen, when does the new password take effect? When they try to log in next or when the server is restarted?
JAAS does not handle the management of users. It is only an API for authentication and authorization.
Your application has to know where your user data is stored.
After the change I think you will also have to flush the authentication cache to have it in effect. There are lots of posts about how to do this with the security MBean.