Is tomcat UserDatabaseRealm buggy?

Hello, I think I found the following bug in tomcat 7/8 with the following setup: We use tomcat 7.0.42 (but I tried 7.0.55 and 8.0.15 without success) and deployed a web service with jersey 1.18.2. Additionally we set up HTTP authentication. In our case DIGEST authentication, but I tried BASIC

AW: [bulk]: Re: Is tomcat UserDatabaseRealm buggy?

Von: Christopher Schultz [mailto:ch...@christopherschultz.net] > Gesendet: Mittwoch, 26. November 2014 17:20 > An: Tomcat Users List > Betreff: [bulk]: Re: Is tomcat UserDatabaseRealm buggy? > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Andreas, > > On 11/2

Re: Is tomcat UserDatabaseRealm buggy?

d not handle this. If you want to use this client, I could provide you a fix for this. > -Ursprüngliche Nachricht- > Von: Kehlenbach, Andreas [mailto:andreas.kehlenb...@prostep.com] > Gesendet: Dienstag, 23. Dezember 2014 08:33 > An: Tomcat Users List > Betreff: [bulk]: AW: [

AW: Is tomcat UserDatabaseRealm buggy?

oint I strongly recommend to change tomcat sources and allow nonces with a random value on authentication. This could be achieved if the nonce-count is read from the client request on authentication. - Andreas > -Ursprüngliche Nachricht- > Von: Kehlenbach, Andreas [mailto:andreas.k