First of all, the Location header is only allowed with HTTP status codes 201 and some 3xx codes. Instead, in a valid HTTP response, status code 401 requires to send the "WWW-Authenticate" header field - which is probably not what you want. That's the reason your redirect isn't followed automatically.
If your client is the only one to connect to the server and you don't care about the malformed response, you can read the headers on your client with getResponseHeader("Location")
Or you could just use HTTP status 307 instead.