Once you have authenticated with the BasicAuthProvider you will have a valid session cookie.
This cookie is required to access the secure resources. The BasicAuthProvider simply extends the CredentialsAuthProvider. See source code here
So make your Basic Auth request to /Auth
, this will provide the session cookie, then you can access the secure resources without the Authorization Basic header.