Found a small error in your jaas deployment setting in your auth.conf file. You had specified the following:
rolesQuery="select role, role from principals where emailAddress=?"
This will write in the role twice and hence overwrite the second parameter which should be the roleGroup called "Roles" which is currently the only one JBoss recognizes. I noticed this while browsing the code for the DatabaseServerLoginModule. The code that causes this is:
protected Group getRoleSets() throws LoginException
String name = rs.getString(1);
String groupName = rs.getString(2);
if( groupName == null || groupName.length() == 0 )
groupName = "Roles";
Group group = (Group) setsMap.get(groupName);
if( group == null )
group = new SimpleGroup(groupName);
} while( rs.next() );
Hope this helps.
Hit the nail on the head, thanks!