If the user is submitting their credentials in an HTML form, then you already have their credentials.
If you are using Browser-based logon, then you'll have to write your own LoginModule.
JBoss does have a way of doing SSO (Single Sign On) but I haven't delved too much into that aspect yet.
If you are using basic authentication then yes jboss can help. You can write your own/extend the existing loginmodules to get the password. It will nto be encrypted. Even if you end up using SSL by the time the password reaches the login module it should be decrypted already.
If you are using form based login, you can get the password even in tomcat. The easiest would be to put a filter to the j_security_check servlet. In the filter you can read j_password from the request.