A user can have more than one security role, so that isn't a good key to select a welcome/home page. Also,
you should be aware that when the webapp-controlled login processes, it doesn't automatically direct one to a "welcome page", it directs one to whatever page was requested that required the login. Which is actually better if you like to "favorite" secured pages, since it allows the user to go directly to what's needed.
Probably a better way to select a welcome page is to maintain a list (for example, a database table) that associates a user with a particular welcome page (as well as any other general user-specific characteristics you might want). The welcome page could then select content based on a lookup of this information.
As I said, selection of a welcome page is not automatic, so this assumes that either the user has been directed to go to a secured home page or that you have added login-detection logic that will override the normal operation and redirect to a welcome page (at which time you can select which page to redirect to using the above tactic). There is no specific
J2EE "login event" that can be listened to, since in cases with Single Signon, login might occur external to the webapp, but the next best thing is to look for changes in the HttpServletRequest getRemoteUser() in a ServletListener.