Current version of LightFish (tag "secured") is able to monitor both: password secured, as well as
--nopassword GlassFish 3.1.2 instances. Binary lightfish.war download is available as well. Just drop it into
.../domains/domain1/autodeploy/autodeploy folder for installation.
If you leave the username and password fields blank, LightFish will connect with the remote domain via HTTP and without username or password. In case you are going to provide username and password, LightFish will automatically switch to HTTPs.
What is the next you would like to see?
The authentication code was contributed and developed in about ~4h by Craig de la Hunt and worked out-of-the-box after a merge.
Online workshop: Java EE 7 Bootstrap