Hi,
I'm testing the org.jboss.security.mapping.providers.DeploymentRolesMappingProvider on JBOSS EAP 6.4.
Why do you clear the roles in the mapGroup method ?
mappedObject.clearRoles();
It results that the authenticated user only receive the last mapped roles.
picketbox/DeploymentRolesMappingUnitTestCase.java at master · picketbox/picketbox · GitHub
My Subject contains many principals (no java.security.acl.Group)
I have added a unit test to reproduce the bug.