As mentioned in Enthuware, an MDB can be annotated with @RunAs and MessageDrivenContext.isCallerPrincipal can be used in onMessage() or timeout method or life cycle callback methods of MDB.
But MDB does not interact with any client.
What is the purpose to authorize a role to access a MDB?