Would you please provide that URL? Also, if the server is configured to use an LDAP login module, is there any way to use those credentials on the client that is sending/receiving from those jms destinations? I would imagine that it would be simpler to create a separate login module just for the messaging security that uses roles from a properties file.