Hi,
I'm using JBoss3.0. The way I understand security of JBossMQ is that it has its own security domain context setup in login-config.xml as "jbossmq". This references the DynamicLoginModule which references the StateManager which uses username/passwords/roles setup in jbossmq-state.xml.

What I don't understand is how I can login to this security context so that my EJB/MBean/What-have-you can gain access to things secured under jbossmq, specifically topics I've created. Let me be clear, everything works fine if I give the unauthenticatedIdentity full access, however I need to restrict access to unauthenticated users. My MDB's can gain access successfully w/ the somewhat hidden attributes <mdb-user> and <mdb-password> (setup in jboss.xml).

Can a someone give me some insight? The exact error I'm getting (even after logging in to the jbossmq application configuration) is:

javax.jms.JMSSecurityException: Connection not autorized to addMessages to destination: StateChange

Stepping through the code isn't shedding much light on the issue.

Thanks