Both HTTP and HTTPS connectors provide login and password-based authentication. The server component contains the list of allowed login identifiers and their passwords. Management applications must specify the login and password information in the address object when establishing a connection.
If the list of recognized clients is empty, the default behavior is to perform no authentication and grant access to all clients.