I don't know if @RolesAllowed can be used with Servlets or not. I think it is not supported on glassfish at least (reference). I think it will be supported after servlet 3.0 as given here. You can refer to this tutorial to see how to do this with configuration in web.xml file...
is there any another way to configure roles in Servlet 2.5?..
i think i wanna save the role in Session.. (firstly, i save the role in Session when access Login Servlet)
and check it every access to Servlet.. .. yap, i think it's really "ticklish" to configure..
this is my implementation :