Trying to configure Messaging so that different clients have different permisisons for different queues. Trying to do this via the XML files. I'm running JBoss AS 5.1.

So i added this in login-config.xml:

<application-policy name="messaging">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag="required">
        <module-option name="usersProperties">props/messaging-users.properties</module-option>
        <module-option name="rolesProperties">props/messaging-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>

And I have props/messaging-roles.properties:

guest=guest
admin=admin

props/messaging-users.properties:

guest=guest
admin=password

Then in destinations-service.xml, I modified the DLQ:

   <mbean code="org.jboss.jms.server.destination.QueueService"
      name="jboss.messaging.destination:service=Queue,name=DLQ"
      xmbean-dd="xmdesc/Queue-xmbean.xml">
      <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
      <depends>jboss.messaging:service=PostOffice</depends>
     <!--<attribute name="SecurityConfig">
          <security>
               <role name="admin" read="true" write="true" create="false"/>
          </security>
     </attribute>-->
   </mbean>

Now my client will throw a JMSNamingException:

javax.jms.JMSSecurityException: User admin is NOT authenticated

Where the client code is:

            InitialContext ctx = new InitialContext();
            ConnectionFactory cf = (ConnectionFactory) ctx.lookup("ConnectionFactory");
            QueueConnectionFactory qcf = (QueueConnectionFactory) cf;
            QueueConnection conn = qcf.createQueueConnection("admin","password");

I'm certain there's a mistake in my configuration. Can anyone please assist? Thanks!