Hey Tomcat users,

I am using Async Servlets and have a question on how to safeguard my
application from Request Smuggling.

In my current setup I do the following:

1. `startAsync` on the ServletRequest.
2. Create a ReadListener and attach it to the ServletInputStream.
3. Once I have read the entire request and onAllDataRead is invoked, I
forward the original ServletRequest and ServletResponse to other parts of
my application for further processing in a separate thread pool.
4. Once all processing is done, I close the async context.

Now the dilemma I am facing is that other parts of my application still
hold a reference to the ServletRequest and ServletResponse, which can
potentially be recycled if there is an error and thereby cause request
smuggling.

What's the ideal way to safeguard against this? Should I instead pass the
AsyncContext and always fetch the ServletRequest and ServletResponse from
it instead of passing the original references?

Thanks,
Adwait.
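The four-step flow described in the post, written out as an added example (this is illustrative code, not the original poster's application and not Tomcat's own code). It assumes Jakarta Servlet 5+ package names (Tomcat 10+), a hypothetical servlet path `/ingest`, and a hypothetical fixed thread pool. The worker is handed only a copy of the body bytes plus the AsyncContext, and an AsyncListener flips a flag when the container completes, times out or errors the exchange, so the worker does not touch a ServletRequest or ServletResponse the container may already have recycled.

```java
import jakarta.servlet.AsyncContext;
import jakarta.servlet.AsyncEvent;
import jakarta.servlet.AsyncListener;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;

// Added example, not from the original post. Path and pool size are hypothetical.
@WebServlet(urlPatterns = "/ingest", asyncSupported = true)
public class AsyncIngestServlet extends HttpServlet {

    private final ExecutorService workers = Executors.newFixedThreadPool(4);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        final AsyncContext ctx = req.startAsync();                 // step 1
        ctx.setTimeout(30_000);
        final AtomicBoolean live = new AtomicBoolean(true);

        // Clear "live" the moment the container is done with this exchange, so the
        // worker thread never writes to a request/response that may be recycled.
        ctx.addListener(new AsyncListener() {
            public void onComplete(AsyncEvent e)   { live.set(false); }
            public void onTimeout(AsyncEvent e)    { live.set(false); }
            public void onError(AsyncEvent e)      { live.set(false); }
            public void onStartAsync(AsyncEvent e) { }
        });

        final ServletInputStream in = req.getInputStream();
        final ByteArrayOutputStream body = new ByteArrayOutputStream();
        final byte[] buf = new byte[8192];

        in.setReadListener(new ReadListener() {                    // step 2
            public void onDataAvailable() throws IOException {
                // Non-blocking read loop: only read while the container says data is ready.
                while (in.isReady()) {
                    int n = in.read(buf);
                    if (n < 0) return;
                    body.write(buf, 0, n);
                }
            }
            public void onAllDataRead() {                          // step 3
                // Hand the worker its own copy of the bytes, not the stream or the request.
                final byte[] payload = body.toByteArray();
                workers.execute(() -> process(ctx, live, payload));
            }
            public void onError(Throwable t) {
                live.set(false);
                ctx.complete();
            }
        });
    }

    // Runs on the worker pool. Holds the AsyncContext, never a cached request/response.
    private static void process(AsyncContext ctx, AtomicBoolean live, byte[] payload) {
        // ... application work on payload goes here ...
        if (!live.get()) {
            return;                                                // exchange already gone; do nothing
        }
        try {
            // Fetch the response from the context each time instead of keeping the original reference.
            HttpServletResponse resp = (HttpServletResponse) ctx.getResponse();
            resp.setStatus(HttpServletResponse.SC_OK);
            resp.getWriter().write("received " + payload.length + " bytes");
        } catch (IOException | IllegalStateException e) {
            // IllegalStateException: the container already completed this async cycle.
        } finally {
            try {
                ctx.complete();                                    // step 4
            } catch (IllegalStateException alreadyDone) {
                // complete() was already called (timeout/error path); nothing left to do.
            }
        }
    }
}
```

Two caveats a practitioner would want. First, the `live` flag narrows the window but does not close it: a timeout or error can still fire between the check and the write, which is why the worker also catches IllegalStateException. Tomcat's AsyncContextImpl throws IllegalStateException from `getRequest()`/`getResponse()` and from `complete()` once the async cycle has finished, so fetching through the context (as the post proposes) fails loudly rather than silently writing into a recycled object. Second, the payload copy is the only thing the worker really needs from the request; everything else it needs (headers, parameters) should be copied out on the container thread before the hand-off for the same reason.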
