How do I debug application security in GlassFish v2?

Question from the GlassFish forum:

I'm migrating my application from GlassFish v2 security realm authentication to an SSO authentication using Sun Access Manager Policy Agent. I'm having trouble with the roles I've defined in the declarative security of my application. Is there a standard way to debug security in GlassFish? How can I view the role my application is receiving from Access Manager? I tried playing around with the audit modules without success. Any help in debugging issues with declarative security would be great.
Answer:

To view the roles being evaluated by the policy agent increase the log level to FINE or greater. To do this in the Admin Console (assuming a non-clustered environment), click Application Server in the left navigation bar, then click the Logging tab and the Log Levels subtab. Scroll down to the Security section and choose FINE or greater. This will show what roles are being evaluated by the policy manager.
Additional Resources:

• For information about logging, see Configuring Logging in the Administration Guide.
• For information about application security, see Securing Applications in the Developer's Guide.

<!--

I am using GlassFish with Sun Access Manager Policy Agent. How do I view the roles that are being evaluated by Policy Agent?

(FAQ not yet final - work in progress)
To view the roles being evaluated by the Policy Agent, turn up the log levels to FINE or greater.
In a non-clustered environment, in the left navigation bar of the Admin Console, click Application Server. Click the Logging tab and click Log Levels.
Scroll down to Security section and choose "FINE" or greater.
-->