One of the reasons for using the interceptor/aspect stack is to allow the security
to be configurable/pluggable.
e.g. rather than requiring a
it could use an interceptor/aspect to pickup the jaas login during the normal
createConnection()just like ejb.
e.g. I don't see a problem with forcing an authentication on every request (like ejb or web),
as long as it is the same user on every request over the connection.
Ideally, the JBoss Messaging security should be a minimal integration with
a reuse of as much as possible from JBoss Security or the role based aspect
as the default implementation.
One of the reasons for doing JBoss Messaging is to move away from JBossMQ's
"I have to implement everything myself" philosophy and reuse JBoss technology.