From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Thu, 24 Sep 2015 18:22:08 +0200

Hi,

On Thu, Sep 24, 2015 at 12:56 AM, Edward Burns <edward.burns_at_oracle.com> wrote:
> MT> What are the chances of making some headway on the numerous open Jira
> MT> issues requesting clarification of various spec related issues?
>
> Please list them in decreasing order of priority in reply to this mail.

I'd like to call attention to https://java.net/jira/browse/SERVLET_SPEC-60

"Provide HttpServletRequestWrapper that minimizes effort required to
override core data"

One use case is to make it easier for security frameworks to save and
later on restore a request. Currently every security framework
implements this kind of functionality again. Every Servlet container
implements this as well, since they have to support the FORM
authentication mechanism which needs this.

I've implemented an example here:

https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/request/HttpServletRequestDelegator.java

This concrete implementation makes use of a dataholder class for the
core data in a request as shown here:
https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/request/RequestData.java

An abstract implementation could possibly omit this and for e.g. the
many header methods only provide a single abstract Map<String,
List<String>> getHeaders() method.

Thoughts?

Kind regards,
Arjan Tijms