Segurança com JAAS no glassfish

Bom dia,

Estou implementando a segurança de login em uma aplicação com JAAS no servidor glassfish, porém não estão sendo aplicadas as regras que eu estou definindo para cada grupo de usuário, o problema é que não aparece nenhuma mensagem de erro.
Alguém pode dar uma força pra me ajudar a identificar se esqueci de fazer algo ou fiz algo errado?

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>Login.jsf</welcome-file>
    </welcome-file-list>
 
    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>vermelho</param-value>
    </context-param>
    
    <context-param>
      <param-name>primefaces.UPLOADER</param-name>
      <param-value>auto</param-value>
    </context-param>
    
    <filter>
        <filter-name>FileUploadFilter</filter-name>
        <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>FileUploadFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jaas-sgtsgi</realm-name>
        <form-login-config>
            <form-login-page>/Login.jsf</form-login-page>
            <form-error-page>/Login.jsf</form-error-page>
        </form-login-config>
    </login-config>
    <!-- Regra Admin - Pode acessar tudo. -->
    <security-constraint>
        <display-name>regra-Admin</display-name>
        <web-resource-collection>
            <web-resource-name>regra-Adminpagina</web-resource-name>
            <url-pattern>/javax.faces.resource/*</url-pattern>
            <url-pattern>/resources/*</url-pattern>
            <url-pattern>/Login.jsf</url-pattern>
            <url-pattern>/template.jsf</url-pattern>
            <url-pattern>/resources/*</url-pattern>
            <url-pattern>/image/*</url-pattern>
            <url-pattern>/index.jsf</url-pattern>
            <url-pattern>/menu.jsf</url-pattern>
            <url-pattern>/index.jsf</url-pattern>
            <url-pattern>/pagina/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>regra-Admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>regra-Admin</role-name>
    </security-role>
    
    <!-- Regra Avisos Entregues, Para as areas acessarem apenas a Relação de Avisos Entregues -->
    <security-constraint>
        <display-name>regra-Avisos-Entregues</display-name>
        <web-resource-collection>
            <web-resource-name>regra-Avisos-Entreguespagina</web-resource-name>
            <url-pattern>/javax.faces.resource/*</url-pattern>
            <url-pattern>/resources/*</url-pattern>
            <url-pattern>/Login.jsf</url-pattern>
            <url-pattern>/template.jsf</url-pattern>
            <url-pattern>/resources/*</url-pattern>
            <url-pattern>/image/*</url-pattern>
            <url-pattern>/index.jsf</url-pattern>
            <url-pattern>/menu.jsf</url-pattern>
            <url-pattern>/index.jsf</url-pattern>
            <url-pattern>/pagina/parciaisEdesImobAreas/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>regra-Avisos-Entregues</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>regra-Avisos-Entregues</role-name>
    </security-role>
    
    <!-- Regra de acesso inicial -->
    <security-constraint>
        <display-name>paginasPublicas</display-name>
        <web-resource-collection>
            <web-resource-name>Public</web-resource-name>
            <url-pattern>/javax.faces.resource/*</url-pattern>
            <url-pattern>/resources/*</url-pattern>
            <url-pattern>/Login.jsf</url-pattern>
            <url-pattern>/resources/*</url-pattern>
            <url-pattern>/image/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    
</web-app>

glassfish-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
  <!--    responsavel por manter as requisicoes ajax funcionando perfeitamente com caracteres especiais-->
  <!--<parameter-encoding default-charset="UTF-8"/>-->
  <parameter-encoding default-charset="ISO-8859-1"/>
  <context-root>/SGT-SGI</context-root>
  <security-role-mapping>
    <role-name>regra-Admin</role-name>
    <group-name>Admin</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>regra-Avisos-Entregues</role-name>
    <group-name>AvisosEntregues</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</glassfish-web-app>

Configuração do jdbcRealm

Esquema do Banco:

O problema estava sendo no Assign Groups, eu estava declarando os grupos para todos os usuários.

Deixei em branco e funcionou.