I don't think this is something that is limited to the custom JDBC resource. I say that because I am experiencing the same thing using the built in JDBC resource. My configuration works fine on my dev glassfish setup, but it doesn't work in my clustered production glassfish setup. I have the JDBC realm declared identically in both, as well as security-rol-mappings in sub-web.xml like this:
<security-role-mapping>
<role-name>admin</role-name>
<group-name>admin</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>member</role-name>
<group-name>member</group-name>
</security-role-mapping>
Without the security-role-mappings, I found that roles will not be assigned correctly in glassfish. My problem is that even with the security-role-mappings, roles are not being assigned in my glassfish cluster.
I didn't see any mention in your posts that you had security-role-mappings, so I'd try that. If you already have, then we're experiencing the same problem with slightly different setups.
[Message sent by forum member 'rwillie6' (rwillie6)]
http://forums.java.net/jive/thread.jspa?messageID=245865