hi,
you should have a look towards jguard (
http://sourceforge.net/projects/jguard) which provides what you need (JAAS integration in
j2ee to manage authentication and authorization stuff).
notice that the 0.65beta1 release (hopefully put on sourceforge this day) permits to manage authorization (url,domains=> group of urls, and roles) through a webapp.
hope it helps,
Charles(jguard team).