How is authentication configured for the JMX subsystem connection?
Right now the documentation just talks about disabling the connector.
At the moment we are looking to move it over to use Remoting, this way it is going to be secured using the same mechanisms as are supported for the native management interface.