We should externalize the java.net.Authenticator setting via some security service like JaasSecurityManagerService since this is a jvm global op (at least in jdk1.4 as I remember).