I'm no expert in ActiveMQ, but I'm one of the developers of the HiveMQ MQTT broker, which is also written in Java. We have an OpenSource Plugin SDK, which allows to customize the authentication of clients and the authorization of clients to publish/subscribe to the broker. You can use a relational database or any other kind of service that is accessable from within Java to determine if a certain client is allowed to publish or subscribe to a topic. Clients can be restricted by topic, activity (publish/subscribe) and QoS.
More information how it works can be found in the HiveMQ Plugin developers guide [1] [2].
Cheers, Chris
[1] http://www.hivemq.com/docs/plugins/1.4.0/#auth-permission-chapter
[2] http://www.hivemq.com/docs/plugins/1.4.0/#client-authorization-chapter