Tip 3: Token based Perimeter Authentication

If you are faced with the challenge of integrating a third party security system with JBoss, then the following wiki may be useful to you:
Generic HeaderAuthenticator

In theory, an external system will do the authentication and then pass the authorization request back to JBoss/Tomcat. A token will be usually passed through the request headers.