Decouple from admin console

[guusdk]

The REST API is currently served by the same webserver as the one that is serving Openfire's admin console.

I believe that this is undesirable for a number of reasons:

• authorization requirements for using either can be very different.
• heavy usage of one can now interfere with the operation of the other (they content for the same resources). An example of this is that long-running REST API calls can lock up the thread pool that is used by both. This results in the admin console to become momentarily unavailable.

The REST API should probably be exposed on a dedicated web server, using its own resources. Note that this also means that the REST API plugin will/should bind to a different TCP port. This will be a considerable compatibility issue.

@Redor - your thoughts on this?

[Fishbowler]

For compatibility purposes, we could implement a legacy proxy to the new web server on the old URL and port?

[Redor]

@guusdk

authorization requirements for using either can be very different.

That could be, but I actually liked that the authentication was handled by Openfire (additional to username/pw, it does offer also different types of authentication).

But generally speaking, I'm open to move it to separate webserver (with a proxy, for compatibility)