Not sure if this will be helpful; you may already know this.
This message is produced when a <run-as> role is defined for a servlet
(with the appropriate <security-role> element in the web.xml defined for
that role), but the glassfish-web.xml does not have a <principal-name>
defined for the servlet.
To eliminate the message, define the <principal-name> in the
glassfish-web.xml file.
<servlet>
<servlet-name>hi</servlet-name>
<principal-name>hiprincipal2</principal-name>
</servlet>
However, it seems as though this warning is unnecessary if the
<security-role-mapping> in the glassfish-web.xml file has a
principal-name identified for the role. And if such a mapping is not
defined, the application won't even deploy.
Tom