The following topics provide information about WebLogic JMS security:
WebLogic JMS uses a thread-based security model. The subject of the thread is established in the JNDI lookup as the JNDI user name and password credentials. WebLogic JMS assumes all related operations are done within the same thread under the same subject that is used for later authorizations in the server. The user name and password used to create JMS connections are ignored in the authorization phase.
You can secure JMS resources that are deployed either as a service or an application. To secure JMS destinations, you create security policies and security roles for all destinations (JMS queues and JMS topics) as a group, or an individual destination (JMS queue or JMS topic) on a JMS server.
See Java Messaging Service (JMS) Resources in Securing Resources Using Roles and Policies for Oracle WebLogic Server for more information.