Committed the contributed access manager in revision 526687.
I modified the class somewhat, backporting it to Java 1.4 and streamlining some of the logic, but made no functional changes. Note that the fully qualified name of the class is now org.apache.jackrabbit.core.security.SimpleJBossAccessManager (no .jboss package, and JBoss with a capital B).
It seems that the only JBoss-specific part of the class is the use of the "Roles" principal group. How about generalizing the class so that it uses all the principals associated with the subject and not just the "Roles" principals? I think it would also make sense to use the standard JAAS Permission model instead of the custom rolemapping.properties file for access control.
Thanks for the contribution!