10.2.9. Enable Declarative Security
The Java EE security elements that have been covered so far describe the security requirements only from the application's perspective. Because Java EE security elements declare logical roles, the application deployer maps the roles from the application domain onto the deployment environment. The Java EE specifications omit these application server-specific details.
To map application roles onto the deployment environment, specify a security manager that implements the Java EE security model using JBoss EAP-specific deployment descriptors.