The two management interfaces will be secured by default out of the box, this is prevent accidentally making management operations available publicly.
The properties based realm has already been updated to support pre-hashed passwords and a utility script has been provided for generating the hashes, also changes to the properties file are now detected at runtime so the users can be added after the AS instance has been started.
The script can be called as: -
bin\digest-password.sh username realm password
The default realm unless changed is 'ManagementRealm'. The output from the script can be re directly into the corresponding mgmt-users.properties