yes the F5 can do both, Brad explained the checking client cert against CA. the other part you would do with an iRule, if you search for checking certificate subject or something like that you will find many posts about it.
something like this: https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx
if you want the descission logic on your Jboss environment you could also just add the subject in a header and send it with the request to the Jboss server.
still think about what Brad is saying, is there really a chance someone with a valid cert will miss use this service? if not, why the extra check.