Jspx integrates with JAAS APIs providing an easy to use Authentication/Authorization module. Full Details about this can be found here jaas-on-web-control-level
In the currently under developing build, jspx has added new attribute to both Page and WebControl.
This attribute can be used the same way as AllowedRoles has been used. So, if the value is set to * then no one can access this Page/Control.
A list of Roles can be concatenated to the value like DeniedRoles="System Admin,Super User,Guest"
This will allow all users does not have any of the roles listed above.
This new attribute is planned to be released on the upcomming build of Jspx.