Exception handling is currently the worst thing about JSF.
In seam 1.1, a client-side interceptor might be the way to go.
I'm thinking the way to go with this is to remove the @RolesAllowed annotation and roll my own, which would throw an exception that my interceptor would catch.
That's what I'm doing, based on the LoggedInInterceptor in the Seam "issues" example.
It will be a good experience for me, since I haven't done any Interceptor/Annotation integration before. The seam example makes it look easy enough.
Still, it's just frustrating that I can't configure my way out of this one. There's this nice clean mechanism for determining whether a user has permission to do something, yet I can't catch the big ugly exception when there's a failed permission check from the EJB annotation.