Alexander Hartner [http://community.jboss.org/people/ejb3workshop] created the discussion
"Securing JBoss Messaging and EJB3"
To view the discussion, visit:
http://community.jboss.org/message/553934#553934
--------------------------------------------------------------
I would like to ensure all access to any JMS destination is authenticated so I disabled
the guest account in messaging-service.xml
    <attribute name="DefaultSecurityConfig">
        <security>
            <role name="jmsuser" read="true" write="true" create="true"/>
        </security>
    </attribute>
I then added a new user to messaging-roles.properties and
messaging-users.properties.
Now my problem is how can I get my application to access the queues. I am using EJB3
annotations as well as dependency injection for the connection factory and destinations. I
was hoping to link the entire application to an application-policy specified in
login-config.xml using something like this, in a similar way to how passwords are set on
datasources:
    <application-policy name="EncryptJMSPassword">
        <authentication>
            <login-module
                code="org.jboss.resource.security.SecureIdentityLoginModule"
                flag="required">
                <module-option name="username">jmsuser</module-option>
                <module-option name="password">XXXXXXXXXXXXXXXXXXXXXXXXX</module-option>
            </login-module>
        </authentication>
    </application-policy>
and then to specify the policy name in either
jboss.xml or jboss-app.xml. However, I haven't found a way of doing this. I did get the
application deployed using:
    <activation-config>
        <activation-config-property>
            <activation-config-property-name>user</activation-config-property-name>
            <activation-config-property-value>jmsuser</activation-config-property-value>
        </activation-config-property>
        <activation-config-property>
            <activation-config-property-name>password</activation-config-property-name>
            <activation-config-property-value>jmspassword</activation-config-property-value>
        </activation-config-property>
    </activation-config>
in ejb-jar.xml, however this only addresses the reading
of messages from a queue, I believe. It also has to be done on each bean which is not
ideal and not very flexible as the password is hard coded inside the ear.
Are there any more elegant options for granting one application unrestricted access to any
JMS resources?
Without specifying these I am getting the following error message during startup:
    javax.jms.JMSSecurityException: User: null is not authorized to read from destination TransactionJobs
        at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:312)
        at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:112)
as well as:
    20:04:43,097 FATAL [ConfigurationMonitor] Authentication failure
    javax.ejb.EJBAccessException: Authentication failure
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
        at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)