I understand that EJB3 Timers are run with the anonymous Security Context.  In my case, the @Timeout method will need to access resources that require an authenticated/authorized Security Context (in my case via the BaseCertLoginModule).  How can I declaratively (or worst case programmatically) establish a Security Context for these purposes inside the @Timeout method implementation?