Try start Tomcat with strict compliance enabled. Add the following to your
startup script.
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
When STRICT_SERVLET_COMPLIANCE is set to true, Tomcat will always send an HTTP
Content-type header when responding to requests. This is significant as
*Thanks André. I will sure give it a try and update you. *
*Meanwhile, my team seems to tilted toward a servlet filter or jersey hook
to get this working at application layer.*
*We got a public key inside of mobile app and corresponding private key on
server side and we would be signing the respons