I'm developing a web app with JSF. I have some javascript files that I would like to have access control on. I have inserted the following code into the web.xml file:

<security-constraint>
<display-name>Restrict access to js pages</display-name>
<web-resource-collection>
<web-resource-name>
Restrict access to js pages
</web-resource-name>
<url-pattern>*.js</url-pattern>
</web-resource-collection>
<auth-constraint>

role names

<role-name>xyzUser</role-name>
</auth-constraint>
</security-constraint>

I'm using JBuilder2005 as an IDE and when I go to deploy to JBoss app server I get the following error:

"kb": Restrict access to js pages - Authorization Constraint: There is no security role with the name "xyzUser".

kb being my war file. Where is it checking for the role name? I have used role names in my database under my roles table, I get the same error.

Any input would be appreciated.
P