How to define a security role in JBoss 4.2.3.