So you want to keep BASIC authentication mechanism in web.xml ( make server to send BASIC challange in first response) , but do not want server to process next request from client?
You should be able to define custom authentication mechanism [1] and probably also override existing one .