Our project has a unit-test to test all REST URLs with curlib. We've observed that 2 of the tests got HTTP 401 code. Considering that all the requests use the same credentials, I'm confused with the failure. Many thanks in advance for your help!
FYI, here're the logs about the requests.
2020-06-08 19:11:36.863:DBUG:oejs.HttpChannel:qtp1025799482-16: REQUEST for //host:port/?cmd=test+cmd1&xml=true&xml=yes on HttpChannelOverHttp@2ecf9fce{s=HttpChannelState@23f31a0{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=1,c=false/false,a=IDLE,uri=//host:port/?cmd=test+cmd1&xml=true&xml=yes,age=0}
GET //host:port/?cmd=tes+cmd1&xml=true&xml=yes HTTP/1.1
Authorization: Basic ZXJzX2FkbWluOldlbGNvbWUxMjM0NQ==^M
User-Agent: Test Client/1.0^M
Host: host:port^M
Accept: */*^M
2020-06-08 19:11:37.246:DBUG:oejs.HttpChannel:qtp1025799482-16: COMMIT for / on HttpChannelOverHttp@2ecf9fce{s=HttpChannelState@23f31a0{s=HANDLING rs=COMPLETING os=COMMITTED is=IDLE awp=false se=false i=false al=0},r=1,c=false/false,a=HANDLING,uri=https://host:port/?cmd=test+cmd1&xml=true&xml=yes,age=383}
401 HTTP/1.1
X-XSS-Protection: 1^M
X-Content-Type-Options: nosniff^M
charset: utf-8^M
WWW-Authenticate: basic realm="My Realm"^M
Cache-Control: must-revalidate,no-cache,no-store^M
Content-Type: text/html;charset=iso-8859-1^M
Successful request
2020-06-08 19:11:37.168:DBUG:oejs.HttpChannel:qtp1025799482-19: REQUEST for //host:port/?cmd=test+cmd2&xml=true&xml=yes on HttpChannelOverHttp@3b24bfa2{s=HttpChannelState@10c29e8e{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=1,c=false/false,a=IDLE,uri=//host:port/?cmd=test+cmd2&xml=true&xml=yes,age=7}
GET //host:port/?cmd=test+cmd2&xml=true&xml=yes HTTP/1.1
Authorization: Basic ZXJzX2FkbWluOldlbGNvbWUxMjM0NQ==^M
User-Agent: Test Client/1.0^M
Host: host:port^M
Accept: */*^M
Response to the successful request
2020-06-08 19:11:40.080:DBUG:oejs.HttpChannel:qtp1025799482-938: COMMIT for / on HttpChannelOverHttp@12cfa2a5{s=HttpChannelState@57cd3e98{s=HANDLING rs=BLOCKING os=COMMITTED is=IDLE awp=false se=false i=true al=0},r=1,c=false/false,a=HANDLING,uri=https://host:port/?cmd=test+cmd2&xml=true&xml=yes,age=2824}
200 HTTP/1.1
X-XSS-Protection: 1^M
X-Content-Type-Options: nosniff^M
Cache-Control: no-cache,no-store,must-revalidate^M
charset: utf-8^M
X-Frame-Options: DENY^M
Content-Security-Policy: frame-ancestors 'none'^M
Set-Cookie: JSESSIONID=node0rx6gub9te2x2a84mtkfa0cpc2.node0; Path=/; Secure; HttpOnly; SameSite=Strict^M
Expires: Thu, 01 Jan 1970 00:00:00 GMT^M
Content-Type: text/xml;charset=utf-8^M
As you can see, the hashed credentials are exactly the same.