I've done this in the past by doing a JAAS login. Have a look at Testing secured EJBs on JBoss AS7.1.x with Arquillian.
Note that a given principal is going to have fixed roles associated with it by the JAAS configuration, which means that passing them may be redundant.
Because we are using a custom login module, I had to change JBossLoginContextFactory a little bit, but then it worked.
Thanks a lot for your help!