I failed in securing the JMS queues (I'm using JBoss 3.0.2). Here what I've done:
1. In the "jbossmq-destinations-service.xml" - I've added a security configuration to the queues, allowing an "InternalRole" to read and write :
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager





2. I've added an "InternalRole" to the "jbossmq-state.xml" which is mapped to user1.
3. In the "login-config.xml", I've moved the <module-option name="unauthenticatedIdentity">guest</module-option> from the jbossmq application policy.
4. I've added to the jboss.xml the following
<message-driven>
<ejb-name>MyMDB</ejb-name>
<destination-jndi-name>queue/UserActionsQueue</destination-jndi-name>
<mdb-user>user1</mdb-user>
<mdb-passwd>11</mdb-passwd>
<mdb-subscription-id>1</mdb-subscription-id>
</message-driven>
In order to authenticate my MDB.

Still I get an error:
javax.jms.JMSSecurityException: User: null is NOT authenticated

Did I do something wrong?