Our message brokers use authentication for the administrative console (by setting property "authenticate" = "true" in jetty.xml) like so:

    <bean id="securityConstraint"class="org.eclipse.jetty.http.security.Constraint">

        <property name="name" value="BASIC" />

        <property name="roles" value="admin" />

        <property name="authenticate" value="false" />

    </bean>

  This secures the admin console quite well.  However, I've just been experimenting with using BlobMessage, which utilizes the "fileserver" service that is active with the broker.  What I've discovered is that the client can't transfer the BlobMessage to the uploadURL if "authenticate" is set to true.  When I set it to "false" the BlobMessages transfer just fine. 

Is there a way to specify credentials when sending the BlobMessage?  Is the only solution to turn off authenticaion on the web console(s)?

Any advice is very much appreciated.