Take a look at this thread: https://community.jboss.org/message/811052#811052
In essence, this feature seems to be scheduled for implementation (https://issues.jboss.org/browse/AS7-5047), but in the meantime, you can work around it by using a combination of EJB client/server interceptors and a custom JAAS login module as described here: https://github.com/jboss-jdf/jboss-as-quickstart/tree/master/ejb-security-interceptors
Thanks Robby for your quick answer.
It's not so simple but very helpful.
Does Wildfly 8.0.0.Alpha4 got it fixed? The issue AS7-5047 seems abandoned