oint I strongly
recommend to change tomcat sources and allow nonces with a random value on
authentication. This could be achieved if the nonce-count is read from the
client request on authentication.
- Andreas
> -Ursprüngliche Nachricht-
> Von: Kehlenbach, Andreas [mailto:andreas.k
d not handle
this. If you want to use this client, I could provide you a fix for this.
> -Ursprüngliche Nachricht-
> Von: Kehlenbach, Andreas [mailto:andreas.kehlenb...@prostep.com]
> Gesendet: Dienstag, 23. Dezember 2014 08:33
> An: Tomcat Users List
> Betreff: [bulk]: AW: [
Von: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Gesendet: Mittwoch, 26. November 2014 17:20
> An: Tomcat Users List
> Betreff: [bulk]: Re: Is tomcat UserDatabaseRealm buggy?
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Andreas,
>
> On 11/2
Hello,
I think I found the following bug in tomcat 7/8 with the following setup:
We use tomcat 7.0.42 (but I tried 7.0.55 and 8.0.15 without success) and
deployed a web service with jersey 1.18.2. Additionally we set up HTTP
authentication. In our case DIGEST authentication, but I tried BASIC