In case any one else trips on this. It turned out to be a new way of handling connections for security purposes. Redirects are no longer forwarded credentials, the HTTP response during a redirect must be continually handled and then the HTTPUrlConnection object manipulated to access the new URL.
-- get 302 (redirect response code)
-- get the new location (HTTPUrlConnection.getHeaderField("Location"))
--Attach the credentials with setReqestProperty("Authorization", "Basic " + encodedPass)
--Try the new URL
--Repeat until connected
From the Java team:
"Better HTTP Redirection Support In this release, the behavior of methods which application code uses to set request properties in java.net.HttpURLConnection has changed. When a redirect occurs automatically from the original destination server to a resource on a different server, then all such properties are cleared for the redirect and any subsequent redirects.
If these properties are required to be set on the redirected requests, then the redirect responses should be handled by the application by calling HttpURLConnection.setInstanceFollowRedirects(false) for the original request.
Ref: JDK-8196902 (not public) "