The post starts by referencing a new paper that he has recently written called "J2EE Security in Oracle ADF Web Applications". This is a 54 page paper and focuses on applying J2EE security to web applications built with the Oracle Application Developer Framework (Oracle ADF) and Apache struts. I have not read it yet, i will do tonight I hope but from skimming it after downloading it looks very interesting.
Franks blog entry is about how dynamically show / hide UIX components based on the users J2EE security role membership. Frank says that he shows how to do this in his paper for JavaServer pages using the struts request tag library. This is not possible for UIX pages. Frank goes on to explain how to do this with an example that uses Expression Language and an indirect way of accessing isUserInRole().