Hi On 2023-03-20, Kamran Manzoor wrote:
> Thanks a lot for looking into this. I thought the issue was request related > but it is in response handling. It means it does trigger the request which > I have verified and it seems like the auth header is missing :(. I have > tried with default URL handler and even with older ivy version 2.4.0 with > older commons-httpclient. Nothing seems to send the auth header with > credentials :(. You may simply run this example i.e., *ant -verbose > retrieve* and see the request captured here: > *https://beeceptor.com/console/ivytry > <https://beeceptor.com/console/ivytry> * I believe this is because your service there doesn't require any authentcation at all. Apache HttpClient doesn't do preemptive authentication, it only sends credentials when really necessary. This is understandable from a security perspective. Why send credentials to somebody who never wanted them in the first place. So it performs an HTTP GET without any credentials and if this request succeeds, that's it. And this happens with your beeceptor example. You probably need to make beeceptor return 401 on the first request answering with WWW-Authenticate: Basic realm=Basic or the configured credentials are not going to be ever used. Stefan