This issue is closely related to
The annotation org.jboss.security.annotation.SecurityDomain is present in the legacy security packages and documented in 7.1 Javadoc:
Annotation for specifying the JBoss security domain for EJBs.
Nevertheless this annotation doesn't work and the one from another package has to be used instead - org.jboss.ejb3.annotation.SecurityDomain.
If the fix for
JBEAP-12478 will not include support for the legacy annotation, the javadoc has to be updated to inform users that it's only valid for old JBoss AS/EAP versions.