To specify role names required to invoke SOA composite applications from any Java EE application, you add the roles names in the Enterprise JavaBeans service configuration. The Enterprise JavaBeans service checks to see if the caller principal has the security role. The following example provides details:

<service name="EJBService" ui:wsdlLocation="BPELEJBProcess.wsdl">
    <interface.wsdl
interface="http://xmlns.oracle.com/EJBApplication/EJBProject/BPELEJBProcess#wsdl.int
erface(BPELProcess1)"callbackInterface="http://xmlns.oracle.com/EJBApplication/
EJBProject/BPELEJBProcess#
wsdl.interface(BPELEJBProcessCallback)"/>
<property name="rolesAllowed">Superuser, Admin</property>
    <binding.ejb javaInterface="java.class.ejb.com" serviceId="EJBService"
                 jarLocation="soaejb.jar"/>
</service>