I agree that the "username/password" in a config file is intrusive and non-elegant. I like the idea of disabling the invokers. The only downside is that a system may indeed WANT to have a separate machine publish to a remote queue on the JBCS machine. Disabling the invoker would prevent this. Even so, one may make the argument that if there's going to be 2 servers communicating stuff between them (like, "send this message"), then a web-services interface might be a better service interface than a remote, password-protected queue. Just in case, though (directed at AronSogor), how would the "JAAS semi-simple" solution work? I was thinking yesterday about the way EJB's have a "runas" annotation, directing the bean to "Run As" a given user role. Is there a way to get MBeans to do something like this, since (for example) the JMSMaillistener is the one submitting to the mail queue. If the JMS is protected by JAAS (in your semi-simple solution), then what is the mechanism for becoming the role that you want to use when publishing to the queue? Thanks! David View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961880#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...