AXIS2-6055 Restore preemptive Basic Auth support for HttpClient 5

robertlazarski · robertlazarski · commit bfd03e4f1fec · 2026-04-20T10:32:48.000-10:00
The migration from HttpClient 4 to HttpClient 5 in Axis2 1.8 left a
TODO for preemptive authentication — getPreemptiveAuthentication()
was never checked, so credentials were only sent after a 401 challenge.
This broke users who relied on preemptive auth in Axis2 1.7.

When preemptiveAuthentication is true, set the Authorization header
directly on the request using java.util.Base64 (available since Java 8).
This bypasses the challenge/response flow, matching Axis2 1.7 behavior.
diff --git a/modules/transport/http/src/main/java/org/apache/axis2/transport/http/impl/httpclient5/RequestImpl.java b/modules/transport/http/src/main/java/org/apache/axis2/transport/http/impl/httpclient5/RequestImpl.java
@@ -336,6 +336,15 @@ public void enableAuthentication(HTTPAuthenticator authenticator) {
             }
         }
         
+        // AXIS2-6055: Preemptive authentication — send credentials on the first
+        // request without waiting for a 401 challenge. This was supported in
+        // Axis2 1.7 (HC 4) but the TODO was never implemented for HC 5.
+        if (authenticator.getPreemptiveAuthentication() && username != null && password != null) {
+            String credentials = username + ":" + password;
+            String encoded = java.util.Base64.getEncoder().encodeToString(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
+            httpRequestMethod.setHeader("Authorization", "Basic " + encoded);
+        }
+
         /* Customizing the priority Order */
         List schemes = authenticator.getAuthSchemes();
         if (schemes != null && schemes.size() > 0) {
