There's nothing JBoss-specific about this. It's just that the browser and the JVM use different network code, so both need to send the username/password independently of each other. You can use Chetans suggestion of encoding the username and password as applet parameters in the web page (although that's a security risk).
If you're using a [Http]URLConnection in the applet, the following code adds the authentication header to the connection:
String authorization = Base64Coder.encode(username + ":" + password);
connection.setRequestProperty("Authorization", "Basic " + authorization).
The Base64Coder class
can be found here, or you can use any other Base64 encoding classes, e.g.
Jakarta Commons Codec.
[ October 20, 2005: Message edited by: Ulf Dittmer ]