Hey Man,
I think you know that - The roles attribute is used to specify
J2EE security roles that are allowed to access this action. If this attribute is present, then only those roles specified in the comma delimited list can use this action.
what exact problem you are facing while using role attribute.