Have you tried using the com.sun.appserv.security.ProgrammaticLogin API to authenticate the caller in the test client?
    ProgrammaticLogin progLogin = new ProgrammaticLogin();
    // Signature: login(String user, String password, String realm, boolean errors)
    progLogin.login(user, password, realm, errors);
You could use the default principal-to-role mapping, which is turned on by default in embedded mode. So if the username maps to the role name specified, then the caller, when authenticated, would belong to that role.
[Message sent by forum member 'nitkal' (nithya.subramanian_at_sun.com)]
http://forums.java.net/jive/thread.jspa?messageID=384687
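
The approach suggested above, as an added example that is not part of the original post or of GlassFish's own code: a test client that confirms a role-protected bean method is denied before login and allowed after ProgrammaticLogin. The SecuredService interface, the JNDI name, the user and realm names and the TEST_USER_PASSWORD variable are assumptions; the deployed bean is assumed to protect the method with @RolesAllowed("tester").

```java
import javax.ejb.EJBAccessException;
import javax.ejb.embeddable.EJBContainer;
import com.sun.appserv.security.ProgrammaticLogin;

public class SecuredBeanTestClient {
    // Hypothetical business interface, declared here only so the client compiles.
    // The deployed bean is assumed to mark restrictedOperation() with @RolesAllowed("tester").
    public interface SecuredService { String restrictedOperation(); }

    // Hypothetical values: adjust to the application under test.
    static final String JNDI_NAME = "java:global/classes/SecuredServiceBean";
    static final String USER = "tester";   // same as the role name, so default mapping applies
    static final String REALM = "file";

    public static void main(String[] args) throws Exception {
        // Read the test password from the environment rather than hard-coding it.
        String password = System.getenv("TEST_USER_PASSWORD");
        if (password == null) throw new IllegalStateException("TEST_USER_PASSWORD is not set");

        EJBContainer container = EJBContainer.createEJBContainer();
        ProgrammaticLogin progLogin = new ProgrammaticLogin();
        try {
            SecuredService bean = (SecuredService) container.getContext().lookup(JNDI_NAME);

            // Negative check: before login the call must be rejected.
            try {
                bean.restrictedOperation();
                throw new AssertionError("unauthenticated call was not rejected");
            } catch (EJBAccessException expected) {
                System.out.println("denied before login, as expected");
            }

            // errors=true asks login() to propagate failures as exceptions.
            Boolean ok = progLogin.login(USER, password, REALM, true);
            if (!Boolean.TRUE.equals(ok)) throw new IllegalStateException("login failed");

            System.out.println("after login: " + bean.restrictedOperation());
        } finally {
            progLogin.logout();   // clear the security context set by login()
            container.close();
        }
    }
}
```

The negative check matters as much as the positive one: a test that only exercises the logged-in path would still pass if the role restriction were missing from the bean.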