Scott says:
==========================================================================
We really should just have an AppCallbackHandler in the security module in the
org.jboss.security.auth.callback package that can handle all of the known jboss callbacks.
That way the security tests would depend on this directly and the test module would not.

There should be a default implementation as there certainly is a coupling between the callbacks
and the handler. This needs to be in the jbosssx-client.jar as well.
==========================================================================