I'm not a security expert and I'm not sure what kind of resources you refer to, but here is a start.
If you are interested in EJBs, get the EJB Spec at http://java.sun.com/products/ejb/docs.html. Find the Security Management chapter and look at Bean Provider's Responsibilities. The spec is readable. See the explanation of the isCallerInRole and getCallerPrincipal functions.