Implement the following:
a) JASPISecurityManager is a standalone implementation class that implements the interface called "GeneralizedAuthenticationManager" (which is ServerAuthContext and AuthenticationManager interfaces). The way an implementation gets access to this through the AuthContextFactory mechanism. This is MC friendly.

b) Since the JASPISecurityManager is a POJO friendly implementation, we are going to bring in a JMX wrapper called "JASPISecurityManagerService" (Actually can really use JaasSecurityManagerService, but lets retire him). Now since the wrapper binds the JASPISecurityManager to JNDI, there is no reason to go the AuthContextFactory way, for any service that needs authentication. Just look up the JNDI to get the securitymanager. This is what the JBossSecurityMgrRealm and the security interceptors will do.

The above two take care of the generalized authentication mechanism.