[jax-rs-spec users] [jsr339-experts] password auth at WebTarget only

From: Bill Burke <>
Date: Mon, 10 Dec 2012 10:38:37 -0500

I was thinking about this some more. Password-based authentication
should probably only be configured at the WebTarget level only. If done
at the Client level, couldn't the client be exposed to phishing attacks?
  A rogue server could post a basic-auth challenge, and the Client could
unwittingly transmit the username/password to the rogue server.

Bill Burke
JBoss, a division of Red Hat