There is a limit in the maximum length of Java EE security roles names ( for example one of the names used in the @DeclareRoles and @RolesAllowed annotations) ?
I would like to have some references to standards or RFC that possibly puts a limit (or not ) in the length security roles names? Is the same for Java EE 5, Java EE 6, Java EE 7 ?
There are no constraints in the spec. This is not explicitly said, but the absence of explicit constraint makes it like there are none.
Note that specific implementations like Wildfly, Weblogic, Glassfish, etc. might have constraints. You should check with your AS.