You could also use the secruty framework instead of the Page roles. The idea of the scurity framework is to add annotations on html elements and if the user doesn't have the appropriate role(s) these elements will be hidden from the view. So the link to the page that you don't want the user to see will be hidden for instance. Of course this is not enought to ensure that the user doesn't try to go to a page that he is not allowed to see, but you already have secured the server part so eventhough the user could call the page it would be a page without any data.
How has this not been answered yet? Seems like a really important feature that I too will need.
We don't have a general concept of a GateKeeper, but you can use Errai Security to restrict access to pages, causing redirection to a SecurityErrorPage if the user is not authorized, or a LoginPage if they are unauthenticated. You can read about it here.
How would this work for specific business logic that works off another form of information other than a users role? I would have to assign roles for all these requirements? I would end up with a lot of roles that seems like really bad practise to have 10-100 roles to do this.