With compact profiles imminent, see http://openjdk.java.net/jeps/161, more heavy weight HTTP authentication schemes, like NTLM, Kerberos, Negotiate, may not be in the smaller profiles. In such cases the HTTP client, HttpURLConnection, should use the most secure scheme advertised by the server, and also supported by the running JRE.