Right, currently the only thing one can do is only either forward or
redirect using the *passed* servletRequest,servletResponse.
If there was a way to obtain a new instance of SevletResponse, ReslvletRequest
it would be easy to programmatically call, and read output for any servlet,jsp.

Right now the only option is java.net package which is really a lousy
way of accessing resources within a server, since it is really tricky
when it comes to Form-based authentication.

Suppose you want to run a program based on Lucene from a servlet
witin the ServletContext that we want to index.
Why on earth should some one go over the authentication process
just to access resources *in* the same ServletContext??

I think jetty maybe should provide a similar mechanism to the one
that WebLogic, WebShere provide.

Concluding, i think that 2 features should be added

1)
a) FormBasedAuthenticator extends java.net.Authenticator
b) SessionBasedHttpUrlConnection extends java.net.HttpUrlConnection
this should provide cookies capability in order to store the session id.

2)
StroredResponse implements javax.http.ServletResponse
StroredRequest implements javax.http.ServletResquest

1) is needed to easily access Form-Based protected resources from
programs based on java.net package (programs running outside
the servletContext of the data they access)
2) Is needed to easily access servlets/jsps from any program
whithin the servletContext, and do more than include/redirect.

Any volunteers ?? :)

I think you can replace the HttpServletResponse by your own (wrapper) in a servlet filter; then you could implement that stored-response stuff in your wrapper....
And that would work in any servlet container.

Peter.