[jboss-user] [Security & JAAS/JBoss] - getting away from defining roles in ejb-jar.xml