Sorry if this has been addressed. If so, please point me in the right direction. I would like to be able to lock down the JMS queues that JBCS uses (like localmail, remotemail, etc). I don't want a random application to be able to place messages into those queues without authenticating. Currently, the JMSMailListener doesn't authenticate when it connects to the JMS queues to "put" messages on them (i.e., the "unauthenticated user" identity is used). In JMSMailListener.putMessage(...), there should be an option to authenticate as a given user (i.e., a "system" or "admin" user, for example). I would be willing to add the code necessary to get the "putMessage" function to authenticate as some pre-specified user, but I'm wondering what is the best way to do get userid/password information for such a "system" user. Does it make sense to have "system"/"admin" userid and password attributes in the jboss-service.xml Listener definitions (and tweak the Mbean code as well)? That way, a given listener would be able to query what the "system" userid/password is. Unfortunately, If it were designed this way, then every listener would need to define an authentication userid/password, which isn't exactly pretty. Is there a better way to accomplish this? Thanks! David View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961646#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...