Hi Kri Shan!
The method level takes higher priority on the class level.
See here: http://download.oracle.com/javaee/5/api/javax/annotation/security/RolesAllowed.html
Specifies the list of roles permitted to access method(s) in an application. The value of the RolesAllowed annotation is a list of security role names. This annotation can be specified on a class or on method(s). Specifying it at a class level means that it applies to all the methods in the class. Specifying it on a method means that it is applicable to that method only. If applied at both the class and methods level , the method value overrides the class value if the two conflict