The Role-Based Security component handles role-based security on method level (could even do it on field level) and handles both authentication and authorization.
The implementation is completely unaware of the security scheme being used. It relies on abstraction and is using security managers that implements the
org.codehaus.aware.security.SecurityManger interface. The default implementation is using JAAS (Java Authentication and Authorization Service).
If the security managers available does not meet your needs you can just implement you own implementation of the interface and plug it into the aspect.