In Glassfish, go to the admin console and open configuration -> security and then check
the "Default Principal To Role Mapping Enabled" box.
if you have defined a principal-2-role mapping in any of the sun-specific deployment decriptors of your application, remove the mappings.
redeploy your app, and you should get the behavior you expect (i.e group x will be mapped to role x)
this feature is not required by the EE platform, but I believe it is also available in Tomcat.
you can find more details at:
http://blogs.sun.com/monzillo/entry/principal_2_role_mapping_and
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=279763