per RFC 2068
The WWW-Authenticate response-header field MUST be included in 401
(Unauthorized) response messages. The field value consists of at
least one challenge that indicates the authentication scheme(s) and
parameters applicable to the Request-URI.
WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge
The HTTP access authentication process is described in section 11.
User agents MUST take special care in parsing the WWW-Authenticate
field value if it contains more than one challenge, or if more than
one WWW-Authenticate header field is provided, since the contents of
a challenge may itself contain a comma-separated list of
public Map getHeaderFields()Returns an unmodifiable Map of the header fields. The Map keys are Strings that represent the response-header field names. Each Map value is an unmodifiable List of Strings that represents the corresponding field values.
Now per definition of Map "An object that maps keys to values. A map cannot contain duplicate keys; each key can map to at most one value. " How does this fit in with the permissible duplicate values of "WWW-Authenticate". But getHeaderFields does allow duplicate values? How do I interpret this and what is recommended in detecting the duplicate keys?