Summary

Clarify that the new HttpClient API and library only supports HTTP Basic authentication.

Problem

The existing HttpURLConnection class supports a number of different HTTP authentication mechanisms (such as Basic, Digest, NTLM). Some of these mechanisms are less important than they once were and for that reason the new API only supports Basic. We need to make this clear in the docs.

Solution

Small doc update. Addition to existing @implNote of HttpClient.Builder.authenticator() method. No behavior change.

Specification

diff --git a/src/java.net.http/share/classes/java/net/http/HttpClient.java b/src/java.net.http/share/classes/java/net/http/HttpClient.java
index fbd2e2aba3695..759667edaefe0 100644
--- a/src/java.net.http/share/classes/java/net/http/HttpClient.java
+++ b/src/java.net.http/share/classes/java/net/http/HttpClient.java
@@ -389,6 +389,8 @@ public interface Builder {
         /**
          * Sets an authenticator to use for HTTP authentication.
          *
          * @implNote
          * In the JDK built-in implementation of the {@code HttpClient},
          * if a {@link HttpRequest} has an {@code Authorization} or {@code
          * Proxy-Authorization} header set then its value is used and
          * the {@link Authenticator} is not invoked for the corresponding
          * authentication. In this case, any authentication errors are returned
          * to the user and requests are not automatically retried.
+         * Additionally, the JDK built-in implementation currently only supports HTTP
+         * {@code Basic} authentication.
          *
          * @param authenticator the Authenticator
          * @return this builder