Yeah you don't need a properties file, just something like this pseudocode:
class YourAuth implements JMXAuthenicator {
String configName = ...get this from jboss-beans.xml...;
LoginContext context = ...get this from configName...;
YourCallbackHandler cbh = ...has writable properties for user/pass...;
[...]
public synchronized Subject authenticate(Object creds) {
String user, pass;
user = ((String[])creds)[0]; pass = ((String[])creds)[1];
// validate user/pass (not shown)
// now put it on cbh
cbh.setUserName(user); cbh.setPassword(pass);
// authenticate:
context.login();
Subject s = context.getSubject();
s.setReadOnly();
return s;
}
}