Java Broker supports two security plugins allow-all and deny-all. <allow-all/> flags a Broker (or Virtualhost) as allowing all operations (which is the default). <deny-all/> tries to do the opposite although as described by
QPID-3300, is current broken.
Since equivalent functionality is offered by the ACL plugin (preferred), these two plugins will be removed.