Problem solved after trace into JBoss code.
The reason is that I created the InitialContext at the time when the MDB is created and try to reuse it when the onMessage() is invoked. What happens behind the scene is that JBoss saves the username / password into a ThreadLocal variable in server environment when the InitialContext is created. This ThreadLocal variable is not there anymore when the onMessage() is invoked because it is a different thread. Hence, the security information is lost and causes the authentication exception.
I now create a new InitialContext object when processing the onMessage() method. Seems working fine.