We have perimeter security for authentication but when the request reaches Tomcat we need to make sure that we have some headers set for all our components work. In the case of weblogic we used the security providers provided by weblogic by extending AuthenticationProvider and IdentityAsserter. However when it comes to Tomcat how do I do the same when we rely on perimeter authentication. Is there a similar way to do the same. Some pointers to code and links would help.