In a web application context, you should be able to get the client ip from HttpServletRequest#getRemoteAddr. When the request is issues through a proxy, I have seen the proxy add a "via" and "client ip adress" headers.
I have not tried this myself, but when a Glassfish calls a login module during the authentication of a Servlet request, it should be possible to obtain the HttpServletRequest object (within the login module) by calling
HttpServletRequest r = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
Then you could use the apis on the resut to find the client address.
More generally (in a web context), JAVA EE 6 and Glassfish support the Servlet Profile of JSR 196; which allows you to integrate a custom network authentication mechanism in your Servlet Container. The container will call the authenticator with the HttpServletRequest and Response messages; which your server authentication module (i.e., SAM) could use to obtain and process as (as you see appropriate) the client address info associated with the request.
Please see the following for some more info on network authentication in Glassfish
http://blogs.sun.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the http://blogs.sun.com/monzillo/entry/pluggable_authentication_in_the_glassfish
[Message sent by forum member 'monzillo' (ronald.monzillo_at_sun.com)]
http://forums.java.net/jive/thread.jspa?messageID=382854