Major Description
Currently, the BASIC auth token is cached on a per-connection basis in the RestHandler. This works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses one child-channel per each simultaneous request/response pair (stream).
One suggestion is to use org.wildfly.security.auth.realm.CachingSecurityRealm around the supported security realms to cache credentials for a configurable amount of time, or based on the number of credentials. This would also improve Hot Rod since the security realms are global
EDIT: CachingSecurityRealm apparently only caches the credential lookup and not the validation which is very costly.
Regarding DIGEST authentication, due to the existence of the (client) nonce, clients must send different headers every request time, so caching the header in the server will not work.
