I have a custom login module that uses authenticates against a couple of different systems. This works fine when the user first logs into the Web Application. However, when the web app then tries to call an EJB, it appears that the authentication is attempted again. This causes a problem since the authentication mechanism being used utilizes a one-time pad value that the user enters. What is the best way to deal with this situation?