I am attempting to use a password protected restful service using httpclient. The request order is:
client -> server CONNECT
server <- client 200 Connection established
client -> server POST
server <- client 401 Authorization Required
client -> server POST (with Authorization header added)
I have some httpclient 3 sample code which I can see processes the cookies after recieving the 401 response, accepts cookies and sends them back with the second POST request, however in httpclient 4 these cookies are ignored. Looking at the source code it seems that MainClientExec#execute should process the response headers and modify the request when it removes the AUTH.WWW_AUTH_RESP and AUTH.PROXY_AUTH_RESP headers.
Ignoring the question of whether the server is behaving properly or not is there any way to make this work out of the box? I'm reluctant to use a legacy version of httpclient.