With Http(s)URLConnection
The support for security, specifically HTTP authentication and/or cookie management with Http(s)URLConnection is limited due to constraints in the API. There are currently no specific features or properties on the Client class that can be set to support HTTP authentication. However, since the client API, by default, utilizes HttpURLConnection or HttpsURLConnection, it is possible to configure system-wide security settings (which is obviously not sufficient for multiple client configurations).
For HTTP authentication the java.net.Authenticator can be extended and statically registered. Refer to the Http authentication document for more details. For cookie management the java.net.CookieHandler can be extended and statically registered. Refer to the Cookie Management document for more details.
To utilize HTTP with SSL it is necessary to utilize the “https” scheme. For certificate-based authentication see the class HTTPSProperties for how to set javax.net.ssl.HostnameVerifier and javax.net.ssl.SSLContext.
With Apache HTTP client
The support for HTTP authentication and cookies is much better with the Apache HTTP client than with HttpURLConnection. See the Java documentation for the package com.sun.jersey.client.apache, ApacheHttpClientState and ApacheHttpClientConfig for more details.