Invalid login creds will send many requests to server

If you set authorizations stuff in the HTTPConduit with a wrong password or username and issue a GET, 20 requests are sent to the server. For non-streaming connections (like GET), for the 401 response, the HttpURLConnection calls the Authenticator to get auth information. We create a new PasswordAuthentication object and return it each time. However, the HttpURLConnection does not compare that returned value with the previous value and will keep trying until it hits the http.maxRedirects value (default is 20).