I really wish I'd found
http://blogs.sun.com/monzillo/entry/principal_2_role_mapping_and a lot earlier, since this is exactly the functionality we are wanting and it's a concise way to explain it.
I set out to create a small JACC implementation to do exactly that mapping: group A -> role A.
Everything was working fine, then we turned on the Security Manager and suddenly everything went nuts.
I worked around the recursion issue using a thread local much like your implementation (ahem), but now it just goes off into lala-land after about 10 minutes.
I added a ton of logging and hit it with the remote debugger, but don't see anything obviously wrong.
We're still interested in getting it working because we have to deploy under Websphere as well.
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]
http://forums.java.net/jive/thread.jspa?messageID=274335