Security entries
If this element is present, all web and EJB modules MUST make the
appropriate access checks as outlined in the JACC spec.
Set this attribute to "true" if the work is to be performed
as the calling Subject.
Set this attribute to "true" if the installed JACC policy
contexts will use PolicyContextHandlers.
Used by the the Deployer to assign method permissions for
all of the unspecified methods, either by assigning them
to security roles, or by marking them as unchecked. If
the value of default-role is empty, then the unspecified
methods are marked unchecked