Add various roles to control access to the REST API operations.

Because of the limitations of JAX-RS 1.1 implementations, simply adding the @RolesAllowed annotation is not sufficient. There must also be a modification to the web.xml that makes sure that the implementation (whether RestEasy or CXF) scans the @RolesAllowed annotations and limits access based on those roles.