I think this is due to a change in the way that HttpClient 4.x deals with "preemptive" authentication, relative to the approach in 3.x. I have an idea of a way to make this easier within the Java client API, but would like to test it with the same URL that you're hitting in this case. From your code, I'm assuming that it's not an "API" URL, which means that it won't challenge the client for Basic Auth credentials, resulting in sending back the login page.

Can you share the controller/action from your URL?

Thanks, Josh