The warning above means that you fail to authenticate the user tomcat more than once. Tomcat suspects that it is brute force attack on the user tomcat.
What authentication you use in your application? What login-config you use in web.xml of the application?
The default configuration of resourceName "UserDatabase" is the file conf/tomcat-users.xml. Did you change the configuration of resourceName "UserDatabase"?
You can find the configuration of the resource UserDatabase in the file server.xml:
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
By default all users are commented. To be able to work with users from the XML file you should uncomment. Then, you will be able to login with user tomcat:
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>
Best regards,
Michael