Hello,
many places in the JSR-311 specifications (state of the last weekend)
refers to @Context. On some places the ScurityContext is missing beside
HttpHeaders and so on.
I think it's reasonable that HttpHeaders.getCookies() returns also an
*unmodifiable* Map.
best regards
Stephan