Alas, native applications cannot make use of the user-role-permission mechanism available to web applications (see http://www.tersus.com/#Id=324).
This is because this mechanism works by deciding at runtime which parts of the client should be sent from the server, in other words the client parts which the user is not permitted to access are not simply hidden by the client, but actually do not exist in the client instance sent to the user's browser. A native app is by definition client-side and it's content in full is determined at export time ... there is no server to decide what is to be sent at runtime.
In order to have similar behavior in your native app, you'll need to remove all permissions from your application, and instead use modelling to explicitly hide certain client parts based on the user using it, or alternatively build separate native versions and distribute them selectively to your different users.
The same goes for the basic authentication mechanism - the automatic, browser-based login dialog which is displayed because the browser is prompted to do so by the server (specifically by tomcat), even before the application's client is downloaded to the browser. You'll need to model this as well - see also http://www.tersus.com/#Id=5694).
For best results, use the Firefox browser..