Hiram, First of all, thanks for starting to document the management interface. I hope you will add the missing bits (e.g. get/update apollo.xml, shutdown the broker...) soon.
Here are some security related comments. Since credentials will be given in clear to the management interface (HTTP basic authentication), Apollo should support SSL encryption for it. The current authorization scheme (allow users defined in broker.admin to do everything) is not fine grain enough. At minimum, there should be the possibility to have two different accesses: read-only (only get information without changing the broker state) and read-write (such as restarting the broker, changing its configuration, deleting a queue...). Note that the broker configuration is very sensitive since it may contain clear text passwords (e.g. <key_storage>) and security settings (who is allowed to do what). Maybe the management interface should have its own fine grain access control (a bit like httpd) so that one can specify at the URL level who can do what? The management interface will probably be extended to include what the ActiveMQ web console provides today. If this is the case, actions such as browsing a queue, inspecting a message, sending a message, etc. should be controlled by the same per destination ACLs used by the STOMP access. Cheers, Lionel
