[Java Broker] restrict access to web management interfaces to authenticated and authorised users only

In previous releases the default configuration allowed anonymous users to view and perform a limited set of operations via the new web management interface, with ability to restrict these via the ACLs. For the 0.22 release, the broker-level configuration model has been replaced and is now entirely configurable via the web management interface, exposing additional configuration for viewing and/or manipulation that was previously either not exposed via HTTP or only read-only.

Now that functionality such as configuring the used authentication providers, ports, SSL, etc can done via the web interface it should be authenticated by default, with anonymous access only being provided where the user explicitly assigns the anonymous authentication provider to the HTTP(S) port/ports in use.