I am experiencing a bug similar (identical?) to the one that was reported in http://jira.jboss.com/jira/browse/JBAS-1852?page=com.cenqua.fisheye.jira:fisheye-tabpanel and reported fixed in JBoss 4.0.3.
I access a session bean twice from the web tier, as an unauthenticated user. The session bean function is basically a wrapper to ctx.isCallerInRole(roleName). The second time that function is called, I get:
javax.security.auth.login.FailedLoginException: No matching username found in Principals
This was a configuration error on my part -- it was actually failing (in a non-obvious way) on the first call as well. Please ignore.