First, thanks for your answer. But I can say that the user and his roles are in the messaging-users.properties and messaging-roles.properties files. The complete program works, when I use the XAConnection and get a non-transacted session: | QueueSession session = connection.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE); | So in this case, the right credentials are read properly from the properties. Only the lookup with the java:/JmsXA jndipath lead to the securityException. My aim is to get a transacted session in the end. With the java:/JmsXA lookup or XAConnectionFactory lookup is not important. the important thing is that the message is received transacted by the queue. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120342#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...