In the end, I resolved issue 1 by upgrading my project to Jersey Client v2.6 and configuring the client to automatically buffer all my POST/PUT requests such that they are "repeatable" in response to any 407 challenges that come back from the proxy server.
Request buffering can be enabled in Jersey Client v2.5+ by setting the following property on the ClientConfig
object, which changes the request entity processing mode from "chunked" (the default) to "buffered":
config.property(ClientProperties.REQUEST_ENTITY_PROCESSING,
RequestEntityProcessing.BUFFERED);
This is now working for me with all three types of proxy authentication that I have to support: Basic, Digest and NTLM. I only enable this "buffered" mode when the user has configured a proxy server, as I think it's best to stick with the default "chunked" mode unless absolutely necessary. I worry about the overhead of buffering large PUT/POST requests in memory, and the potential loss of efficiency in not chunking the data.
So now my client application works properly, but I would still be very interested to hear about any possible solutions to issue 2, as it would be preferable to only trigger a single initial 407 proxy authentication challenge per Client
instance. I suspect any potential solution for this issue would only work for Basic authentication anyway, due to the inherent additional complexities of Digest and NTLM authentication.