InformationA realm is a database of usernames and passwords used to identify valid users of web applications. Review the Realms configuration to ensure Tomcat is configured to use JDBCRealm, UserDatabaseRealm, or JAASRealm. Specifically, Tomcat should not utilize MemoryRealm.
According to the Tomcat documentation, MemoryRealm, JDBCRealm are not designed for production usage and could result in reduced availability, the UserDatabaseRealm is not intended for large-scale installations, the JAASRealm is not widely used and therefore the code is not as mature as the other realms.
SolutionSet the Realm className setting in $CATALINA_HOME/conf/server.xml to one of the appropriate realms.