8169495 added a method to HttpURLConnection to set an Authenticator instance per connection. This allowed different authenticators with different credentials to be used for different connections (even to the same URL). A side effect of this, is that the credential cache is then tied to the Authenticator instance. The functionality can be used in a number of ways:
1) Sharing one Authenticator instance among multiple connections. In this case, the credential cache is also shared. This is probably the most common use case
2) Creating a separate Authenticator instance for each connection. In this case, the caches are not shared.
To support case 2) where it is not intended to share the cache, it is necessary to prune the cache when the corresponding Authenticator is garbage collected. Otherwise, the cache will continue to grow unbounded.
1) Sharing one Authenticator instance among multiple connections. In this case, the credential cache is also shared. This is probably the most common use case
2) Creating a separate Authenticator instance for each connection. In this case, the caches are not shared.
To support case 2) where it is not intended to share the cache, it is necessary to prune the cache when the corresponding Authenticator is garbage collected. Otherwise, the cache will continue to grow unbounded.