JBoss out-of-the-box uses the Tomcat SSO valves to achieve what you are doing. The only limitation is that they have to be virtually hosted within the same tomcat instance.
If you are trying to do sso across multiple applications hosted in different tomcat instances and even completely independent JBoss instances, you need to look at one of our projects called:
JBoss Federated SSO - http://labs.jboss.com/portal/index.html?ctrl:cmd=render&ctrl:window=default.wiki.WikiPortletWindow&page=Jbosssso&language=EN
It is one of our up and coming projects on JBoss.org and we are looking at a Beta release very soon
Thanks sohil, I will look at the product as mentioned... i was able to configure the Jboss out of the box sso and it works fine.. Now I am looking at how to access user credentials from web layer for authorisation and pass the same across to ejb layer so that the ejb layer can perform some business functions depending on credentials...
Any pointers will be greatly appreciated..