I'm using the Apache HttpClient with HttpPost and MultipartEntity (BROWSER_COMPATIBLE) where authentication is set through setCredentials.

When a FileBody or InputStreamBody is added to the Entity and the HttpPost is executed by the HttpClient, the Basic Authorization header will not be sent. This is whether or not preemptive authentication is used.

If the Entity only contains a StringBody then the Authorization header will be sent.

Trying to use HttpPost.addHeader to force the Authorization string appends an extra CRLF which kills the header section.

What am I missing?