Is there something like a listener that I can use when JAAS authentication is done successfully, so that I can execute code in that moment?

Right now I'm using JBoss AS 7 with the DatabaseLoginModule.

One way would be to implement a custom login class extending DatabaseLoginModule, however it feels like overkill for this requirement. I not completely clear about some aspects of the Java EE application life cycle, maybe an application or session listener is fired when login is done.

What would be the best way to achieve this?

You're on the right track: just write another LoginModule and configure it last, as 'required' so it always gets executed.

I tried making a session-scoped UserBean that implements SessionBindingListener, on the expectation that when bound, that user has just logged in, but it doesn't work quite like that in reality. Trying to do it at the bean level is tricky. You also need to organize it so that that user bean is referenced by every page the user could reach on his first login and by no pages that can be reached without a login, and deciding whether the user really is logged in is problematic as well. JAAS LoginModules are the way to go for both.