This has been some time back, but take a look at the patch:
<description>URL of the login page to derive the cookies from. Cookies will be stored upon initialization and re-initialized upon expiration. Any URL request attributes will be [..] POSTed to the page. [..]</description>
Apologies for the poor grammar in the original. Basically:
- Whenever protocol-httpclient performs an HTTP request, it will first check if there are cookies stored in the cookie jar.
- If there are cookies in the cookie jar AND none of the cookies have expired, it will do nothing.
- If there are no cookies in the cookie jar OR at least one of the cookies has expired, it will ..
- POST the URL / parameters provided in "http.cookie.login.page" property
- In the process of which, the cookie jar should get filled with the cookies you need to perform subsequent (authenticated) requests
The "http.cookie.login.page" property could contain something like "http://abc/def?username=foo&password=bar" .. the 'username' and 'password' properties will them be POSTed to 'http://abc/def', which should result in cookies being added to the cookie jar which is used for each subsequent request.
This isn't exactly a fool-proof solution (what if other requests generate expired cookies? what if the login fails? etc.), but for the project for which I wrote the patch, it suited our needs. Hope it helps!