FWIW, MD5 is basically deprecated at this point. I would use at least
SHA-256 for password-hashing. Honestly, I'd use a password-mangling
algorithm and not a straight-up hash (like bcrypt, scrypt, PBKDF2, etc.).
(I've been toying-around with modifications to Tomcat's Realms and
underlying code to help support such things, but I haven't come up
with a good patch, yet).
This should be removed: it must have come from an old configuration.
You can use it for anything you'd like.
No, you can use a Filter. I'm not sure how Jersey is implemented, but
I suspect that you configured either a Servlet or a Filter at some
point in WEB-INF/web.xml. Just make sure that your own Filter performs
whatever is necessary to authenticate (e.g. calling
HttpServletRequest.login) and then sets-up the request so that Jersey
knows that the user has been successfully authenticated (it probably
just checks ServletRequest.getPrincipal, which will be set up
correctly after a successful call to HttpServletRequest.login).
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/