I have the same problem. I think my auth.conf is correct but am not sure about the database structure (users and userroles). Especially the use of 'Roles' and 'CallerPrincipal' in rolegroup is not clear to me.
Already posted this in another thread : http://main.jboss.org/thread.jsp?forum=49&thread=2113
Did you find a solution ? I'm interested. Thanks.
The HTTP session does not stay valid.