I've created my own custom login module which extends AbstractServerLoginModule. I've also created a custom JDBC Driver which extends java.sql.Driver. My custom JDBC driver is necessary as I'm attempting to get JBoss working with a technology called Oracle Proxy Authentication. Essentially, the JDBC connection pool is setup to authenticate using a common user called 'proxy_user'. The JDBC driver needs to obtain the username that the user logged in with which it can then use to proxy over to that account calling OracleConnection.openProxySession(username). From then on, for that connection, queries executed against the database appear to run as the authenticated user, not 'proxy_user'.
I feel very confident that my custom login module works correctly as I'm able to login to a test JSF application and print out various Principals from the Subject obtained like this in my backing bean:
Subject caller = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");