That sounds like a good idea. We could give user's roles send authorization,
or maybe it should specifically remember the principal?
Please start a discussion in the JBoss/JMS development forum (towards the bottom
of the forums list) where we consider whether this creates a security hole.
Post a link back into this thread.
If you can provide a patch to do this - so we can test it out, that would be great.