I'll ignore that stacktrace because what you did with the "provided" scope is the correct thing. You shouldn't be packaging that jar with the application. JBoss AS already ships it.
As for the @RolesAllowed issue, please create a EJBTHREE JIRA and attach a simple application which I can just deploy and reproduce the issue against 6.0 CR1. I'll take a look at it tomorrow morning. By the way, I think you had problems creating a new JIRA issue. If you still have that problem, then just attach the sample application in this forum thread.