Add a custom interceptor that changes the SecurityException to the exception thrown from the login module as obtained from the SecurityAssociation.getContext().
You have to parse the stack of incoming exceptions, beggining with the remote exception. In addition you can substitute the default security interceptor with your own, which will throw more detailed exceptions...
I have the same problem getting the exact exception cause on the client side.
If you are lucky your client will run on the same VM that the logincontext does. In that case you might use
Object exception = org.jboss.security.SecurityAssociation.getContextInfo("org.jboss.security.exception");
The exception obtained is the original exception thrown by the LoginModule and you can insert your own code based upon that exception (rethrow it for example).
In my case i use ejb services accessed from a remote machine and that exception is not available on the remote client :(.
As requested by Scott i have opened a Jira requesting this feature for the client. Please vote for it so that they can correct it.