Thank you Justin for the quick response. I found even an easier way to achieve the same result: I changed the configuration of the LDAPLoginModule as follows:
With the attribute *userRoleName=CN* I map the username of the authenticated user as the role name. Against this role name I will secure my destinations. -- Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html