This is part of the JSR-115 specification JavaTM Authorization Contract for Containers. See section 4.6.1.1 Container Subject Policy Context Handler:

4.6.1.1 Container Subject Policy Context Handler

All EJB and Servlet containers must register a PolicyContextHandler whose getContext method returns a javax.security.auth.Subject object when invoked with the key "javax.security.auth.Subject.container".

In your application, you can retrieve the object through the following commands:

import javax.security.jacc.PolicyContext;
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");

Note: the class should be added in get[Private|Public]Credentials() (with no args). The get[Public|Private]Credentials(Class<T>.class) generates a copy of the content, "filtering" the classes that are instances of the argument, serving only to retrieve saved classes.

Note: Not tested on JBoss, but I think it applies in the same way, based on JBoss Doc.

References:

• JSR-115 Java Authorization Contract for Containers (Maintenance Release 3)
• Arjan Tijms' Weblog