How should I take care of issues like security while implementing a QueueConnectionFactory and other administered objects in JMS?
JMS does not define a security API. JMS implementations provide vendor-specific security facilities, typically, through a text-oriented console or a graphical browser/console.
For this reason, (distributed) JMS clients should use a topic and queue design within their application components that facilitates the factoring of and provision of security at several levels--whatever matches the needs of the application components. In this way, an administrator can set the security characteristics of various topics and queues to allow the proper level of accessibility by user and by application functionality.