Maps roles to users or groups in the currently active realm. See Realm Configuration in Oracle GlassFish Server 3.1 Application Development Guide.
The role mapping element maps a role, as specified in the EJB JAR role-name entries, to a environment-specific user or group. If it maps to a user, it must be a concrete user which exists in the current realm, who can log into the server using the current authentication method. If it maps to a group, the realm must support groups and the group must be a concrete group which exists in the current realm. To be useful, there must be at least one user in that realm who belongs to that group.
The following table describes subelements for the security-role-mapping element.
Table C-137 security-role-mapping Subelements