[jax-rs-spec users] [jsr339-experts] Re: password auth at WebTarget only

From: Sergey Beryozkin <>
Date: Mon, 10 Dec 2012 20:59:26 +0000

On 10/12/12 15:38, Bill Burke wrote:
> I was thinking about this some more. Password-based authentication
> should probably only be configured at the WebTarget level only. If done
> at the Client level, couldn't the client be exposed to phishing attacks?
> A rogue server could post a basic-auth challenge, and the Client could
> unwittingly transmit the username/password to the rogue server.
And what is WebTarget happens to point to the rogue server already amd
the code attempts to do a pre-emptive authentication ?