[jboss-as7-dev] Out of the Box - Management API Security

[Darran Lofthouse]

 From the requirements the APIs used to access the server need to be 
secured and there also needs to be the possibility of integrating with 
existing infrastructure - however what do we need for the out of the box 
experience?

Within prior AS releases default security configuration would generally 
be provided using login modules that read the users, their password and 
their roles from properties files.  These files would be static and for 
updates they would need to be edited by hand.

For AS7 would we also use a statically defined approach like this or for 
the out of the box security configuration would we be looking for an 
approach where the users and their roles can also be configured through 
the management APIs?

Regards,
Darran Lofthouse.