The web management interface added in
QPID-3999 currently supports BASIC authentication. When using HTTP this is an insecure authentication mechanism. We should therefore allow support for this mechanism to be configurable rather than being always enabled.
By default, we probably want BASIC to be only enabled for SSL connections.