I have been looking at this same question. You may have already found:
http://www.jboss.org/index.html?module=bbop=viewtopicp=3827512#3827512 - but
I added a comment posing a question about capability that appears to be added
in WebLogic.
Did you resolve the problem you were having? I would
The 4.0.2RC1 release has added support for assocating a principal with
additional roles, but its up to the login module to perform the mapping from
the security domain to the application domain. The static mapping supported at
the jboss-web.xml level is only for run-as identity.
| jboss-web