I found a solution to my problem. I am not sure if it is a hack but it seems reasonible. I created my own login so I could capture the userId and password and store them in the session. I then post a request to j_security_check for the container security.
I then use a filter to intercept every request and set the security credentials with SecurityAssociation, using the userId and password in the session. I had to create my own login because authentication happens before a filter is called so I had to way to capture the password entered by the user.