For everyone's reference,
there are discussion from Enthuware forum about whether the dd augment or override method permission:
http://www.enthuware.com/forum/viewtopic.php?f=4&t=455
The specification has a conflict. It first says dd always overrides the values specified in annotation. Then, it says dd can augment the values specified in annotation.
For example, as I tried with GlassFish 3.1.2, <security-role> defined in dd
overrides the @RolesAllowed in the bean. Meanwhile, there is a design that <security-role> in dd i
s an additional role that is permitted to access a particular method.
This can be an exam watch.