Hi,
I think that my sample applies to your use case, too.
One big "!!!" in your code snippets: don't use a Context.INITIAL_CONTEXT_FACTORY of "org.jboss.security.jndi.JndiLoginInitialContextFactory", because this was problematic with JBoss 4.2, and it will no longer work in AS 5 and above. You will have to perform a JAAS login as I described.
The security client of AS5 is just a simplified JAAS login, which performs internally similar things as my code ;-).
Best regards
Wolfgang