The simple answer is ... maybe. Depending on how much work you want to do. You could write your own login module that assigns some principal (say nobody) when the principal is null. (i.e. you are not logged in) and then assign method permissions to nobody. Or... you could do the login yourself programatically and then call the methods of bean b.
If you want to use the standard Jboss security features that is the only way I know of. I usually deploy my insecure beans in their own jar mainly because I want people to know that bean X is NOT secure if they ever come behind to maintain the system.