When org.ops4j.pax.url.mvn PID is configured with http proxy settings as described here, there's this ugly code invoked here which sets static Authenticator. This authenticator is then used also when connecting to internal Git servlet.

Git operations work, because after several attempts to handle HTTP 401 by sun.net.www.protocol.http.HttpURLConnection itself, 401 is returned to JGit and it then sets correct Authorization header (with container credentials, not proxy ones)