Java security

You might need to grant your LogonLogoff class the Java™ security permission, to enable it to retrieve the credential information from the subject passed to it:
permission javax.security.auth.PrivateCredentialPermission 
"javax.resource.spi.security.PasswordCredential * \"*\"", "read";