What does your client look like?
Typically you would just use the "add-user" script in the bin directory to create the proper user and add it to the appropriate group. Once that's done it's up to the client to send the proper credentials when it connects (via the JMS API).
Hashtable props = new Hashtable();
This is the client side credentials I use to connect via JMS API.
I assume this is the only place where you're passing the username and password. If that's true then it explains why you're receiving the security exception because this Hashtable of properties only applies to the JNDI lookup and not the actual JMS connection. You should be passing the username and password as part of the call to javax.jms.ConnectionFactory.createConnection(String username, String password).