As nobody answered this question the first time around lets have another go !
Using the default memory realm I have modified the Tomcat server.xml to store the passwords encrypted as follows : <Realm className="org.apache.catalina.realm.MemoryRealm" digest="MD5" /> This works fine. For my tests I would also like to use digest authorization to transfer the password over the wire. To do this I put the following in my web.xml file <login-config> <auth-method>DIGEST</auth-method> </login-config> When I access the protected web page from a browser (Mozilla or IE5.5) I get the appropriate login dialog box. However I can't log in (access denied) from either browser. What am I doing wrong ? Shimon Crown (Note - I know that using memory realm isn't a great idea but it is useful for the testing phase).