I mentioned I would return after some further testing, so I'm not replying to myself here...
My realm located in the sun-appliation.xml is used when logging in via the web-tier. If you typo it, there will be no error during EAR deployment, and you get some other mysterious realm.
I know my realm is used by placing breakpoints in the LoginModules which are part of my realm. However, when onMessage of an MDB is called, the LoginModules are not called, and when I make a remote call from a standalone java client, they are not called either. It is still some mysterious realm that has been defaulted somehow. I don't currently know what that realm is, or how to make it the one of my choice. I do know that this realm does not provide the necessary roles which would have been supplied by my LoginModules. I also suspect that this realm may be responsible for the onMessage caller principal being ANONYMOUS, which has no roles, instead of the principal I chose in the sun-ejb-jar.xml.
Finally, suspecting that this mysterious realm might be the default file realm, I used the Admin GUI to make my realm the default realm. It made no difference to the onMessage resulting in activity for my LoginModules or the principal being ANONYMOUS with no roles. And ditto for remote standalone client calls...some other unwanted realm is still operating.
Does anyone at GlassFish have any idea what's going on in this area. If it's just a matter of being "my personal configuration problem", that's fine, I'll figure it out eventually. But if this is not the correct behavior due to a bug, it would be nice to know beforehand.
Thanks
Joe
[Message sent by forum member 'teknomad' (joe.isaac_at_tolven.org)]
http://forums.java.net/jive/thread.jspa?messageID=389932