2.10.1 makes several improvements to HTTP operation handling to support authentication on updates. However the support for both queries and updates is still only for HTTP authentication which means it cannot be used with systems that use forms based authentication e.g. Apache mod_auth_form http://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
Supporting this will require some fairly substantial reworking of the HTTP handling code for both queries and updates since it needs to support several things:
1 - Being able to carry out a login operation to an arbitrary URL to perform the authentication and initalize the necessary cookies
2 - Storing and presenting appropriate cookies over multiple requests
If we are to carry out this work it may be good to standardize to using a single HTTP library, currently queries use HttpQuery (a wrapper around the JRE provided HttpURLConnection) while updates use HttpOp (a wrapper around the Apache HttpClient library)
In doing this standardization we should also standardize how parameters are passed through these layers. For queries the QueryEngineHTTP sets properties on the HttpQuery object while for updates we pass them via a HttpContext object.