Basically the answer depends on what you're using to wrap access to the JMS send call, and, if so, how this wrapper handles security. "Raw JMS" sends, for example, draw their credentials from the current caller thread's security credential - which is something you can have direct control over by temporarily replacing the thread's credential with a new credential while you make the send call.
So how is your application sending messages to the queue?
- Are you using the SOA adapter?
- A direct raw send?
- Foreign JMS server?
- Obtaining the sender's JMS connection factory via a resource reference?
One thing to keep in mind is that creating a credential is an expensive operation - it's not usually something you want to do once per message.