TomcatSecurityService and unauthenticated user roles

Currently, TomcatSecurityService is registered as SystemInstance's RoleResolver component.
It overrides the AbstractSecurityService.getLogicalRoles() (which would grant a role with the same name as the principal name), and only interprets principals with it's own inner classes: TomcatUser and RunAsRole.
Since the default user is not of either classes, it yields an empty set of roles.

I see 2 possible solutions:

• Add a way to customize which role should be granted to an unauthenticated user
• Delegate to the default AbstractSecurityService when no roles are granted, like:

public Set<String> getLogicalRoles(Principal[] principals, Set<String> logicalRoles) {
// current implementation
if (roles.isEmpty())

{ return super.getLogicalRoles(principals, logicalRoles); }

}

See http://www.nabble.com/Unauthenticated-principal-td21012809.html