Got it myself.
Add the Context tag in jboss-service.xml in deploy\jbossweb-tomcat41.sar\META-INF.
<Host name="localhost">
<!-- Access logger -->
<Valve className="org.apache.catalina.valves.AccessLogValve"
prefix="localhost_access" suffix=".log"
pattern="common" directory="${jboss.server.home.dir}/log"/>
<!-- This valve clears any caller identity set by the realm
and provides access to the realm about the existence of an
authenticated caller to allow a web app to run with a realm
that support unauthenticated identities. It also establishes
any run-as principal for the
servlet being accessed.
-->
<Valve className="org.jboss.web.tomcat.security.SecurityAssociationValve"/>
<!-- Default context parameters -->
<DefaultContext cookies="true" crossContext="true" override="true"/>
<Context path="/images" docBase="C:/blue/images" debug="0"/>
</Host>