You can achieve these with a SAM (which definitely offers more flexibility in terms of what you want to do), but the JDBC realm has some value of its own. So one thing you can explore is a custom JDBC realm. And in the authenticate method of your custom JAAS login method you maybe able to check some of the other stuff that you mention.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=290628