I'm surprised I have not run across this before, but we don't support passing in the security domain authentication information via the jms factory createQueueConnection(String, String) call for example. Seems like we could have a security-domain-and-application-cri style of tx-connection-factory paramater that would allow the allocateConnection to use the ConnectionRequestInfo login info if it supported it. At the following BaseConnectionManager2.allocateConnection call, the cri is an opaque interface: | public Object allocateConnection(ManagedConnectionFactory mcf, ConnectionRequestInfo cri) throws ResourceException | { | if (poolingStrategy == null) | throw new ResourceException( | "You are trying to use a connection factory that has been shut down: ManagedConnectionFactory is null."); | | //it is an explicit spec requirement that equals be used for matching rather than ==. | if (!poolingStrategy.getManagedConnectionFactory().equals(mcf)) | throw new ResourceException("Wrong ManagedConnectionFactory sent to allocateConnection!"); | | // Pick a managed connection from the pool | Subject subject = getSubject(); | ConnectionListener cl = getManagedConnection(subject, cri); | We would have to use reflection or something to see if the cri supported a PasswordCredential property or something. Since that is rather hacky, I suppose that is why? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993303#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...