The HTTP invoker is presently added via the undertow-legacy-https layer but it should be split into it's own layer as it is not really related to https.

Before adding the later we may want to consider the security requirements, I believe the http invoker only supports a limited subset of HTTP authentication mechanisms - presently it will require a http-authentication-factory instead we may want the resource to support a reference to a security domain possibly with a second attribute to filter the mechanisms.