interesting stuff, the GenericHeaderAuthenticator.
I will give it a try as soon as I can.
However, I am in the final step of a custom solution. I have a valve that intercepts the request, call the custom login module, which in turn use the passed in cookie to retrieve the user groups and populate the java principals. I am extending the AbstractServerLoginModule.
Everything is working ok, except for the final step. Even with the java principals populated (by AbstractServerLoginModule's commit method), the J2EE login form method is being presented to the user again.
One thing to note is that when I call my protected application resource directly, the J2EE form login method is triggered, the same custom login method is executed, and everything flows without errors.
My getRoleSets method is returning a SimpleGroup "Roles" within the user's groups.
Any insights are welcome.
I took Anil's suggestion and used the GenericHeaderAuthenticator. It works like a charm.
Yes, we are charming people churning out charming solutions.
Glad that your use case was solved.