sorry but I didn't understand the use of <security-role-ref> element in ebj-jar application component.
From spec 17.3.3 :
using <role-link> to link <security-role-ref> to <security-role>.The security role references used in the components of the application are linked to the security roles
defined for the application
1. Is <security-role-ref> the same of @DeclareRoles declaration?
2. If yes, can I declare only <method-permission> or @RolesAllowed without either <security-role-ref>or @DeclareRoles?
Thanks!