I have observed that server.log gets an audit warning when I log in as (the existing) user 'åäö'. It is interesting to note that now Glassfish beleives that the user name is 'åäö' .
[#|2010-04-12T16:28:26.112+0200|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=27;_ThreadName=httpSSLWorkerThread-8181-1;åäö;|SEC5046: Audit: Authentication refused for [åäö].|#]
[#|2010-04-12T16:28:26.112+0200|WARNING|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=27;_ThreadName=httpSSLWorkerThread-8181-1;_RequestID=597e49cc-6474-4ed7-92a5-6d2fa747490d;|Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception|#]
[Message sent by forum member 'tmpsa']
http://forums.java.net/jive/thread.jspa?messageID=396498