Copilot AI commented Nov 14, 2025

Evaluates Java HTTP Client support for common authentication schemes (Basic, Digest, NTLM, SPNEGO/Kerberos) through test cases demonstrating native support, manual implementation requirements, and restrictions.

Changes

Test Infrastructure

  • NettyAuthenticationServer: Test server supporting Basic, Digest, NTLM, SPNEGO/Negotiate, and Bearer authentication with configurable credentials and challenge-response flows

Test Suite

  • JavaHttpClientAuthenticationTest: 12 test cases evaluating each scheme:
    • Native support via java.net.Authenticator
    • Manual implementation complexity and effort
    • Challenge-response flows
    • HTTPS compatibility
    • Comprehensive support matrix output

Documentation

  • HTTP_AUTHENTICATION.md: Detailed evaluation with code examples, effort estimation, security considerations, and third-party library recommendations for each scheme

Findings

| Scheme | Native Support | Manual Effort | Key Restriction |
|---|---|---|---|
| Basic | ✅ Full (Authenticator) | Low (~5 lines) | None |
| Digest | ⚠️ Limited (varies by JDK) | Moderate-High (~50-100 lines) | MD5 hashing, challenge parsing |
| NTLM | ❌ None | Very High (~500+ lines) | Binary protocol, requires Apache HttpClient + JCIFS |
| SPNEGO/Kerberos | ⚠️ Via JGSS API | Very High (~200+ lines) | Requires KDC infrastructure |
| Bearer Token | ❌ None | Low (~1 line header) | Token acquisition separate |

Example: Native Basic Auth

import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.http.HttpClient;

Authenticator authenticator = new Authenticator() {
    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication("user", "pass".toCharArray());
    }
};

HttpClient client = HttpClient.newBuilder()
    .authenticator(authenticator)  // Handles 401 challenges automatically
    .build();

Example: NTLM Limitation

// java.net.Authenticator does NOT support NTLM
// Manual implementation requires:
// - 3-step binary protocol (Type 1/2/3 messages)
// - DES/MD4/MD5 cryptography
// - ~500+ lines of code
// Recommendation: Use Apache HttpClient with JCIFS-NG
Original prompt

This section details the original issue you should resolve

<issue_title>Evaluation of restrictions of common authentication schemes</issue_title>
<issue_description>Support for HTTP authentication protocols. The most common of these are:

  • HTTP Basic
  • Digest
  • NTLM
  • SPNEGO
  • Kerberos

we need test cases that show:

  1. what is natively supported
  2. what can be added on the application layer (+efforts)
  3. what possibly is currently not supported at all due to restriction of the implementation details
</issue_description>

Comments on the Issue (you are @copilot in this section)


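The Digest row of the findings table above is rated as needing manual challenge parsing and MD5 hashing; the following is an added example of what that application-layer work looks like, not code from this PR or its test suite. Class and method names are my own, and it assumes Java 17+ (for `HexFormat`); it parses a `WWW-Authenticate: Digest` challenge and computes the matching `Authorization` header for `qop=auth`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class DigestAuthExample {
    // Parse the parameters of a "WWW-Authenticate: Digest ..." challenge.
    // Quoted values are tried first so the comma inside qop="auth,auth-int" is kept.
    static Map<String, String> parseChallenge(String header) {
        String body = header.replaceFirst("(?i)^Digest\\s+", "");
        Matcher m = Pattern.compile("(\\w+)=(?:\"([^\"]*)\"|([^,\\s]+))").matcher(body);
        Map<String, String> params = new LinkedHashMap<>();
        while (m.find()) {
            params.put(m.group(1).toLowerCase(), m.group(2) != null ? m.group(2) : m.group(3));
        }
        return params;
    }

    static String md5Hex(String s) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(digest);
    }

    // Build the Authorization header for algorithm=MD5 and qop=auth (RFC 2617 / RFC 7616).
    // auth-int (body integrity) and SHA-256 are left out to keep the example short.
    static String buildAuthorization(Map<String, String> c, String user, String password,
                                     String method, String uri, String cnonce, int nonceCount)
            throws Exception {
        String nc = String.format("%08x", nonceCount);
        String ha1 = md5Hex(user + ":" + c.get("realm") + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        String response = md5Hex(ha1 + ":" + c.get("nonce") + ":" + nc + ":" + cnonce + ":auth:" + ha2);
        return "Digest username=\"" + user + "\", realm=\"" + c.get("realm") + "\""
             + ", nonce=\"" + c.get("nonce") + "\", uri=\"" + uri + "\", qop=auth, nc=" + nc
             + ", cnonce=\"" + cnonce + "\", response=\"" + response + "\""
             + ", opaque=\"" + c.get("opaque") + "\"";
    }

    public static void main(String[] args) throws Exception {
        // Constructed challenge using the worked example from RFC 2617 section 3.5,
        // so the resulting response= value can be checked against the RFC text.
        String challenge = "Digest realm=\"testrealm@host.com\", qop=\"auth,auth-int\", "
            + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"";
        Map<String, String> c = parseChallenge(challenge);
        System.out.println(buildAuthorization(c, "Mufasa", "Circle Of Life", "GET", "/dir/index.html", "0a4f113b", 1));
    }
}
```

With `java.net.http.HttpClient` the caller sends the request once, reads the challenge from the 401 with `response.headers().firstValue("WWW-Authenticate")`, and resends the request with `.header("Authorization", ...)`; the nonce count must be incremented on every reuse of the same server nonce.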

Copilot AI self-assigned this Nov 14, 2025
Co-authored-by: laeubi <1331477+laeubi@users.noreply.github.com>
Copilot AI changed the title [WIP] Evaluate support for common authentication schemes Add HTTP authentication scheme evaluation tests and documentation Nov 14, 2025
Copilot AI requested a review from laeubi November 14, 2025 16:05
Copilot finished work on behalf of laeubi November 14, 2025 16:05
@laeubi laeubi marked this pull request as ready for review November 14, 2025 16:19
@laeubi laeubi merged commit 6bde2c4 into main Nov 14, 2025