On my company blog I made two blogs how to implement security in your Web Application. The first part is the standard container security. In this blog I describe the Weblogic Role mapping, How to retrieve the user roles ( Weblogic Subject ) and how you can use this in a managed bean or in a JSF page.
The second part is ADF Security. With ADF Security you can protect your JSP or JSPX pages just like the default container security but ADF Security can do more like protecting your Task Flows ( fragments), Anonymous support, retrieve all the user roles, can create test users and roles in Weblogic. And how you can use ADF Security in your managed bean or JSF page. In this blog I also explain how the JAZN Enterprises roles maps to the Weblogic groups.