In glassfish you can either map groups to roles inside sun-web.xml OR activate-default-principal-to-role-mapping="true". You never have to do both.
But activate-default-principal-to-role-mapping="true" will do the trivial mapping of same named group to same named role.
If your group to role table is many to one then i am afraid activate-default-principal-to-role-mapping="true" will not help.
Let me get back after speaking to our architect.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=320921