The issue here is more complex than just "invisibility" to non-admin users.

By default those components should be invisible to non-admin users, but should appear as visible if there are commands with ACL that allow non-admin users to execute them.

With following config:

'vhost-man' {
    commands {
        'comp-repo-item-add' = 'LOCAL'
        'comp-repo-item-remove' = 'LOCAL'
        'comp-repo-item-update' = 'LOCAL'
        'query-dns' = 'LOCAL'
        'ssl-certificate-add' = 'LOCAL'
    }
}

vhost-man will be visible to non-admin users as listed commands will be executable by local users.

With sess-man similar rules applied, however, I think that "credentials management" commands should be accessible to normal users. To resolve that, I've added an option to define default ACL for Java-based commands and set those values to LOCAL for "credentials management" commands - that made sess-man visible.

Changes are part of the issue-1564 branch. @wojtek please review changes and modified behavior.

Thank you. This look good and works well.

I was pondering this issue a bit more and while getDefaultACL() is great first step, I think we will have to improve the ACL system in the future to handle "VHost owner should be able to manage the domain and users of it's domain". We do have DOMAIN_OWNER and DOMAIN_ADMIN ACLs but when doing the ad-hoc rewrite ( #tigase/_server/server-core#1194 ) we will have to ponder the correct defaults for certain ad-hocs and the logic checking (which is, in most cases) done in each ad-hoc individually which is highly inefficient… (rel.: #tigase/_server/server-core#1570 )

Reopening to fix found NPE issue

I've resolved the issue with NPE.