JBoss does not use the Authorization part of JAAS (the one that will allow you to do access control on Java classes).
But it does use JAAS for Authentication, meaning that a Subject is created.
You will have to create a Security interceptor in order to do the Subject.doAs to invoke the requested operation. This will make sure that the Subject is correctly associated with the access control context.
I believe that you will also have to make sure that JBoss is running under some kind of Security Manager (adding the -Djava.security.manager in the JBoss startup script. There is a seciton about that in the JBoss 322 doc).