The current definition of AsyncContext.dispatch() states:
<quote>
... the dispatch is to the URI returned by
HttpServletRequest.getRequestURI()
</quote>
This is problematic when implementing when the request URI is something
like:
"/foo/bar/../../abc/../f%24o/bar"
It would be far simpler (and this is what Tomcat does) to map
AsyncContext.dispatch() to AsyncContext.dispatch(servletPath + pathInfo)
The main difference is that request.getRequestURI() returns a decoded
and normalized value with Tomcat's approach as opposed to a undecoded,
unnormalized value using the spec described approach.
Note that the original undecoded, unnormalized URI is always available
via a request attribute.
What are other containers doing?
Is Tomcat's approach acceptable?
If yes, should the spec be changed to reflect this? (If we do we
*really* need to address SERVLET_SPEC_18.)
Mark