Autenticação jdbc no Glassfish

Eu tentei de tudo e só consigo esse erro:

SEC5046: Audit: Authentication refused for [19294].
Web login failed: Login failed: javax.security.auth.login.LoginException: java.lang.ThreadDeath

meus web.xml e sun-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>UniLabor</display-name>
    
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
    
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <listener>
        <listener-class>org.apache.tiles.web.startup.TilesListener</listener-class>
    </listener>
    
    <listener>
        <description/>
        <display-name>Spring ContextLoaderListener</display-name>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    <servlet>
        <servlet-name>tiles</servlet-name>
        <servlet-class>org.apache.tiles.web.startup.TilesServlet</servlet-class>
    </servlet>
    
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    
    <mime-mapping>
        <extension>action</extension>
        <mime-type>text/html</mime-type>
    </mime-mapping>
       
    <security-constraint>
        <display-name>Área Protegida</display-name>
        <web-resource-collection>
            <web-resource-name>Área Protegida</web-resource-name>
            <url-pattern>/index.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>BASE</role-name>
        </auth-constraint>
        </security-constraint>
    
    <security-constraint>
        <display-name>Área Protegida</display-name>
        <web-resource-collection>
            <web-resource-name>Área Protegida</web-resource-name>
            <description/>
            <url-pattern>*.action</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ASSADM</role-name>
        </auth-constraint>
        </security-constraint>
    
    <security-constraint>
        <display-name>Área Protegida</display-name>
        <web-resource-collection>
            <web-resource-name>Área Protegida</web-resource-name>
            <url-pattern>*.action</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>GERADM</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>INTEGRAL</transport-guarantee>
        </user-data-constraint>
        </security-constraint>
    
    <security-constraint>
        <display-name>Área Protegida</display-name>
        <web-resource-collection>
            <web-resource-name>Área Protegida</web-resource-name>
            <url-pattern>*.action</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>TECNICO</role-name>
        </auth-constraint>
    </security-constraint>
    
    <security-constraint>
        <display-name>Área Protegida</display-name>
        <web-resource-collection>
            <web-resource-name>Área Protegida</web-resource-name>
            <url-pattern>*.action</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>CLIENTE</role-name>
        </auth-constraint>        
        </security-constraint>
    
    <security-constraint>
        <display-name>Área Protegida</display-name>
        <web-resource-collection>
            <web-resource-name>Área Protegida</web-resource-name>
            <url-pattern>*.action</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ALMOXARIFADO</role-name>
        </auth-constraint>
        </security-constraint>
    
    <security-role>
        <description>Ambiente protegido, onde todos que autenticaram tem acesso!</description>
        <role-name>BASE</role-name>
    </security-role>
    
    <security-role>
        <description>Assistente Administrativo</description>
        <role-name>ASSADM</role-name>
    </security-role>
    
    <security-role>
        <description>Gerente Administrativo</description>
        <role-name>GERADM</role-name>
    </security-role>
    
    <security-role>
        <description>Técnico</description>
        <role-name>TECNICO</role-name>
    </security-role>
    
    <security-role>
        <description>Cliente</description>
        <role-name>CLIENTE</role-name>
    </security-role>
    
    <security-role>
        <description>Almoxarifado</description>
        <role-name>ALMOXARIFADO</role-name>
    </security-role>
    
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>UnilaborDB</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp?erro=1</form-error-page>
        </form-login-config>
    </login-config>
    
    <resource-ref>
        <res-ref-name>jdbc/security</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Application</res-auth>
        <res-sharing-scope>Shareable</res-sharing-scope>
    </resource-ref>
    </web-app>

sun-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/UniLabor</context-root>
  <security-role-mapping>
    <role-name>BASE</role-name>
    <principal-name>BASE</principal-name>
    <group-name>BASE</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>ASSADM</role-name>
    <principal-name>ASSADM</principal-name>
    <group-name>ASSADM</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>GERADM</role-name>
    <principal-name>GERADM</principal-name>
    <group-name>GERADM</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>TECNICO</role-name>
    <principal-name>TECNICO</principal-name>
    <group-name>TECNICO</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>CLIENTE</role-name>
    <principal-name>CLIENTE</principal-name>
    <group-name>CLIENTE</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>ALMOXARIFADO</role-name>
    <principal-name>ALMOXARIFADO</principal-name>
    <group-name>ALMOXARIFADO</group-name>
  </security-role-mapping>
  <resource-ref>
    <res-ref-name>jdbc/security</res-ref-name>
    <jndi-name>jdbc/security</jndi-name>
  </resource-ref>
  <class-loader delegate="false"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

ai no glassfish eu criei um pool de coneções com oracle, quando eu dou um ping ele me diz que “Ping succeded”, criei o jdbcrealm configurei as tables onde estão o login/senha e os groups, mas não funciona, se eu conseguir, vou escrever meu TCC sobre isso. :lol: