So I turned on FINEST logging on my security manager, and it seems that the caller has the principals "admin" and "asadmin". I mapped the "admin" user to all the roles in my application, and now it's working out.
This isn't exactly what I wanted to do, but it works. If anyone has a recommendation as to how I can accomplish a programmatic "RunAs", I'd still love to hear about it.
[Message sent by forum member 'jeffreyrodriguez' (jeffreyrodriguez)]
http://forums.java.net/jive/thread.jspa?messageID=221577