Chapter 8 of the jboss server guide does a good job of explaining how to set up a security domain for a client. So read that first. To paraphrase, you will perform a JAAS login in you client application. The last LoginModule in you stack should be the org.jboss.security.ClientLoginModule. This will set the SecurityAssociation for you. This is better than directly accessing the SecurityAssociation in case the API changes.
If this does not solve your problem, let me know,