Currently Hudson is configured to recognize JavaServlet view of authenticated
users. In the setup module a user can request hudson to enable security or
eschew it.

I would like to see 2 options for enable security:

Option #1: Require a user to have an admin role in order to launch a build or
configure anything. This option is supproted today.

Option #2: Forbid un authenticated users from seeing any information about the
hudson configuration and/or projects. Currently I can have this effect by
modifying build.xml to set the protected URL to / but I get the undesirable side
effect of requiring authentication to even see the graphics on the login page.

This feature is important to users who have internet accessible Hudson sites.