recommend to change tomcat sources and allow nonces with a random value on
authentication. This could be achieved if the nonce-count is read from the
client request on authentication.
- Andreas
-Ursprüngliche Nachricht-
Von: Kehlenbach, Andreas [mailto:andreas.kehlenb...@prostep.com
not handle
this. If you want to use this client, I could provide you a fix for this.
-Ursprüngliche Nachricht-
Von: Kehlenbach, Andreas [mailto:andreas.kehlenb...@prostep.com]
Gesendet: Dienstag, 23. Dezember 2014 08:33
An: Tomcat Users List
Betreff: [bulk]: AW: [bulk]: Re: Is tomcat
Hello,
I think I found the following bug in tomcat 7/8 with the following setup:
We use tomcat 7.0.42 (but I tried 7.0.55 and 8.0.15 without success) and
deployed a web service with jersey 1.18.2. Additionally we set up HTTP
authentication. In our case DIGEST authentication, but I tried BASIC
Schultz [mailto:ch...@christopherschultz.net]
Gesendet: Mittwoch, 26. November 2014 17:20
An: Tomcat Users List
Betreff: [bulk]: Re: Is tomcat UserDatabaseRealm buggy?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Andreas,
On 11/26/14 5:42 AM, Kehlenbach, Andreas wrote:
I think I found