This exception probably indicates that the invocation handler for a proxy object threw an exception that it shouldn't have.
A serialized Subject imcomplete as credentials are not serialized, only principals (and at a guess it is one of the principals that is causing your problem). Subjects aren't all that useful outside the VM that created them anyway, since both principals and credentials are usually of a very local nature.
A more usual pattern is to login locally on the client, using login modules that interact with a seperate login system on the server - so you will have seperate but related Subjects on the client and server.
Since you are obviously using a J2EE client is there any particular reason why you can't use one of the normal EE authentication patterns (there sould be tutorials online)?