Normally with HTTP you can only do HTTP authentication, and SASL is for other network protocols (including standard protocols such as LDAP, IMAP, etc., but also JBoss Remoting which is presently our primary EJB transport). The "remote+http" family of protocols is special in that it uses HTTP to establish the connection, but then it uses an "HTTP upgrade" message (HTTP/1.1 Upgrade header - Wikipedia) to switch to the JBoss Remoting protocol, which then uses SASL authentication.
The "http" EJB transport is not the same as the "remote+http" EJB transport. The "http" transport uses HTTP directly and should be configured as HTTP authentication.
Thanks for the clarification!