Once you have the SubjectFactory installed and you know what the username/cred combo, is, what needs to be done before you do getSubject() is the following:
AccessController.doPrivileged( new PrivilegedAction()
{
public Object run()
{
//Create a security context on the association
SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomainName);
SecurityContextAssociation.setSecurityContext(securityContext);
//Now let us add the user name and cred
securityContext.getSubjectInfo().setPrincipal( principal );
securityContext.getSubjectInfo().setCredential( credential );
};
The implementation of SubjectFactory basically looks for the username/cred in the current security context on the SecurityContextAssociation.