I forgot to add the details of the application descriptors for this example...
/* application.xml for first EAR */
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "
http://java.sun.com/dtd/application_1_3.dtd">
<application id="Application_ID">
<display-name>EJB_security_test_ear</display-name>
<module id="EjbModule_1092166902734">
<ejb>ejb_module1.jar</ejb>
</module>
<security-role>
<role-name>Admins</role-name>
</security-role>
<security-role>
<role-name>Users</role-name>
</security-role>
</application>
/* sun-application.xml for first EAR */
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-application PUBLIC '-//Sun Microsystems, Inc.//DTD
Application Server 9.0 Java EE Application 5.0//EN'
'
http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd'>
<sun-application>
<pass-by-reference>true</pass-by-reference>
<unique-id>67499732739558240</unique-id>
<security-role-mapping>
<role-name>Admins</role-name>
<group-name>Admins</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Users</role-name>
<group-name>Users</group-name>
</security-role-mapping>
</sun-application>
similar role descriptions are also included in the second enterprise archive application descriptors.
[Message sent by forum member 'slossr']
http://forums.java.net/jive/thread.jspa?messageID=396643