The CertRolesLoginModule is an extension of BaseCertLoginModule that uses a properties file to store role information. This works just like the UsersRolesLoginModule, only without the users.properties file. In fact, all the role handling code was borrowed directly from that class.
The supported login module configuration options include the following:
rolesProperties=string: The name of the properties resource containing the username to roles mappings. This defaults to roles.properties.
roleGroupSeperator: The character used to seperate the role group name from the username e.g., '.' in jduke.CallerPrincipal=... . The default is '.'.
defaultRolesProperties=string: (4.0.2, 3.2.8) The name of the properties resource containing the username to roles mappings that will be used as the defaults Properties passed to the usersProperties Properties. This defaults to defaultRoles.properties.