The security is on the send.
The MDB can assume that if the message is in the queue,
the person had authority to put it there.
The MDB is "invoked" by the JMS Server not the user.
But what about the case where the MDB makes a change to a specific entity that a user may or may not have access to?
It seems to me that currently it is the requirement of the caller to make that security check before sending the request.
That may be OK, but it certainly leads to the possibility that the developer of a future request might forget that requirement and introduce a security issue.
Obviously, if every call was made through another piece of code that did the check it is less of an issue, but it still seems undesirable to me.
If you want that processing, get the sender to pass
a user and password in the message.
Then make the mdb perform a login before doing