You might need to grant your LogonLogoff class the Java™ security permission, to enable it to retrieve the credential information from the subject passed to it.
permission javax.security.auth.PrivateCredentialPermission
"javax.resource.spi.security.PasswordCredential * \"*\"", "read";