Found my problem. At the root, my problem was that I didn't understand how GlassFish handles role names, and that those are different than groups. For interest sake, those deploying Hudson in Glassfish should follow these steps to get authentication to work:
1) Go to "/Configuration/Security". Note the Default Realm (which, by default, is "file").
2) Also in "/Configuration/Security", make sure "Default Principal to Role Mapping" is checked(!). Otherwise, you have to include a sun-web.xml deployment descriptor with Hudson to map between a role-name (admin) and a principal-name/group-name.
3) Go to the Default Realm ("file" by default, /Configuration/Security/Realms/file).
4) Click "manage users"
5) Add a new user
a) Set the user name to "admin"
b) Set a password
c) Set the group to "admin". Technically, I don't think this part is required, but I did it just for good luck.
6) Deploy hudson.war
Richard
[Message sent by forum member 'rbair' (rbair)]
http://forums.java.net/jive/thread.jspa?messageID=202913