Using the JSF Security project without JAAS Roles