Hi Tom pointed out the problem with the web console and a secured JMS-connection. While it's already possible to configure that over JNDI and straightforward to make that configurable via system-properties, this will be an issue for the in-vm jetty, that's started with the broker. We'd require the user to set a user/password to connect to the invm-broker. IMO this is quite a hassle (the same thing is true for the console, this thing in fact kills the broker because it can't startup because it gets a invalid username/password exception). The easiest thing'd be to allow vm:// connections without checking for username/password. The problem with this approach is certainly that the policy check on the queues/topics'd have to be ignored.
Any thoughts on this topic? I'll be happy to write a patch as soon as I know the way we want to go. Mario
