A lot of the Tests on the AS testsuite are doing this kind of deployment:

   <mbean code="org.jboss.jms.server.destination.TopicService"
      name="jboss.messaging.destination:service=Topic,name=testTopic"
      xmbean-dd="xmdesc/Topic-xmbean.xml">
      <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
      <depends>jboss.messaging:service=PostOffice</depends>
      <attribute name="SecurityConfig">
         <security>
            <role name="guest" read="true" write="true"/>
            <role name="publisher" read="true" write="true" create="false"/>
            <role name="durpublisher" read="true" write="true" create="true"/>
         </security>
      </attribute>
   </mbean>
  

And validating if the security is being respected.

All this is being deployed using the JBoss Test's deployer method.

On HornetQ, this could be either done at configuration, or by changing the Security objects directly, but the client test won't have access to the configuration.

I will change the tests in a way the security is pre-configured on the tested server. But I'm not planning to change how security is configured for the integrated server.