When developing EJB beans, there are ways to inject the current user to assure the logged in user is known. The same goes when developing a web application where the information is available through the HTTPServletRequest.
However when outside these, like when developing a JMX bean or when writing a webservice which requires authentication, there are no standard ways to get this information.
In JBoss however, this can be solved by accessing the SecurityAssociation class.
SecurityAssociation is the JBoss recommended make login and credentials (password) available when doing remote EJB access. Looking though the JBoss source it appears that this is used to store the credentials server side as well. So, you can always get the login details using
Also interesting (but completely untested), is the pushRunAsIdentity() method which should allow (server-side only) switching run-as role without the need to call a EJB.