I understand that EJB3 Timers are run with the anonymous Security Context. In my case, the @Timeout method will need to access resources that require an authenticated/authorized Security Context (in my case via the BaseCertLoginModule). How can I declaratively (or worst case programmatically) establish a Security Context for these purposes inside the @Timeout method implementation?