1) Clarify in javadoc for HttpRequest the following encoding rules for these API calls.
getServletPath() - decoded getPathInfo() - decoded getRequestURI() - remain encoded getContextPath() - remain encoded getPathTranslated() - remain decoded
2) Fix the security example on p74 and p75 of the spec.
On p75 replace the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>SalesInfo</web-resource-name>
<url-pattern>/salesinfo/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</web-resource-collection>
</security-constraint>
With this:
<security-constraint>
<web-resource-collection>
<web-resource-name>SalesInfo</web-resource-name>
<url-pattern>/salesinfo/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
Note: <user-data-constraint> and <auth-constraint> were in the wrong place.
3) Fix typos in status code listings p58 of the spec document.
SC_METHOD_NOT_FOUND -> SC_METHOD_NOT_FOUND (note the zero instead of the O)SC_VERSION_NOT_SUPPORTED -> SC_HTTP_METHOD_NOT_SUPPORTED
4) Clarify rules for getPathInfo() and getServletPath() in the case of a request mapped to the default servlet (i.e. mapped to '/').
incoming request: http://host/contextRoot/foo/bar getRequestURI() = contextRoot/foo/bar getServletPath() = /foo/bar getPathInfo() = null