Jersey client seems to be massively leaking memory when HttpAuthenticationFeature (or HttpBasicAuthFilter in pre-2.5) is being applied repeatedly, like so:
The above code blows the heap up to around 200MB. If, however, username/password properties are not set, everything remains normal. The issue seems to be that a new lifecycle listener is added to the Client for each post() invocation when authentication is used, but only one gets added when there's no auth.
Although the above example doesn't make much practical sense and this problem can in many cases be easily worked around by simply setting the credentials once (in this case outside of the loop), when a large number of different credentials are needed, this becomes a major problem, assuming that only a single, "everlasting" Client is used as the docs recommend.