Added basic auth. Following URL: <url user="foo" password="bar">http://localhost/auth</url> ...causes appropriate Authorization header to be sent. You have to know when you need auth enabled. Auth challenge (401 header) is treated (along with all 4xx type responses) as error.