Jboss 4.0.1sp1 seems to have the possibility to authenticate against roles. However this didn't work. Looking at the source code, it seems that you forgot to register the subject with the SecurityAssociation class in the class org.jboss.net.axis.server.JBossAuthenticationHandler. Here is what the validate method becomes if we do so:
/** validates the given principal with the given password */
protected Subject validate(Principal userPrincipal, String passwd) throws AxisFault
// build passchars
char passChars = passwd != null ? passwd.toCharArray() : null;
// do the validation only if authenticated or validation enforced
Subject subject = null;
if (shouldValidateUnauthenticatedCalls || userPrincipal != NobodyPrincipal.NOBODY_PRINCIPAL)
subject = new Subject();
//isValid will setup the subject !
// have to use pointer comparison here, but itï¿½s a singleton, right?
if (!authMgr.isValid(userPrincipal, passChars, subject))
throw new AxisFault("Server.Unauthenticated",
This has been fixed for 4.0.2