Hi,
A while ago I noticed that pretty much every security framework out there,
including the Servlet security implementations, have utility code to
copy/restore a request.
This is needed for the situation where a user does an unauthenticated
request to a protected page, then gets to see an authentication page, and
after posting that back and having successfully authenticated the original
request is restored.
Due to the way HttpServletRequest has been designed (or grown perhaps),
it's not 100% trivial to do this. Not difficult, but tedious. See for
example my implementation here:
https://github.com/omnifaces/omnisecurity/tree/master/src/main/java/org/omnifaces/security/jaspic/request
What do you think of standardizing such utility code for this JSR? I can of
course donate my implementation (it's not really that different from any of
the ~10 other implementations out there).
To make the work less tedious I've also created an issue for this at the
Servlet spec, but didn't got any response yet. See
https://java.net/jira/browse/SERVLET_SPEC-60
Thoughts?
Kind regards,
Arjan Tijms