The SecurityException thrown when accessing EJB2 beans without sufficient permissions contained information about exactly which roles were required. The exception message contained something like this: "requiredRoles=[org.nightlabs.jfire.store.seeProductType], principalRoles=[_Guest_]"
This was an easily parseable text and we used it to show the user a nice error message with detailed information about what rights he should request from his boss or his administrator.
Unfortunately, after we switched to EJB3, the now thrown EJBAccessException does not contain this information anymore. It simply says "Authorization failure" without any details.
Please extend org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor to pass the required information (in a parseable form in the exception message).
Reference to our issue (with a stack trace and maybe other useful information): https://www.jfire.org/modules/bugs/view.php?id=1292
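The client-side parsing described in this report, as an added example that is not code from the reporter, JFire or JBoss. It assumes the message carries the two bracketed lists exactly as quoted above and that role names contain no commas or brackets; the class and method names are hypothetical.

```java
import java.util.*;
import java.util.regex.*;

// Added example (hypothetical names): extracts the role lists from a message
// shaped like the one quoted in the report and falls back when they are absent.
public class RoleMessageParser {
    // Matches "<key>=[a, b, c]"; assumes role names contain no ']' or ','.
    private static final Pattern LIST =
            Pattern.compile("(requiredRoles|principalRoles)=\\[([^\\]]*)\\]");

    /** Returns key -> ordered role set; a key missing from the message is absent from the map. */
    static Map<String, Set<String>> parse(String message) {
        Map<String, Set<String>> result = new LinkedHashMap<>();
        if (message == null) return result;
        Matcher m = LIST.matcher(message);
        while (m.find()) {
            Set<String> roles = new LinkedHashSet<>();
            for (String r : m.group(2).split(",")) {
                if (!r.trim().isEmpty()) roles.add(r.trim());
            }
            result.put(m.group(1), roles);
        }
        return result;
    }

    /** Required roles the caller does not hold; empty Optional when the message has no role details. */
    static Optional<Set<String>> missingRoles(String message) {
        Map<String, Set<String>> parsed = parse(message);
        if (!parsed.containsKey("requiredRoles")) return Optional.empty();
        Set<String> missing = new LinkedHashSet<>(parsed.get("requiredRoles"));
        missing.removeAll(parsed.getOrDefault("principalRoles", Collections.emptySet()));
        return Optional.of(missing);
    }

    public static void main(String[] args) {
        // Both sample messages are the texts quoted in the report (EJB2 fragment, EJB3 message).
        String ejb2 = "requiredRoles=[org.nightlabs.jfire.store.seeProductType], principalRoles=[_Guest_]";
        String ejb3 = "Authorization failure";
        for (String msg : new String[] {ejb2, ejb3}) {
            Optional<Set<String>> missing = missingRoles(msg);
            // With @RolesAllowed semantics, holding any one of the listed roles is sufficient.
            System.out.println(missing.map(s -> "Request one of these roles: " + s)
                    .orElse("Access denied (no role details available)"));
        }
    }
}
```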