As a result of this thread (in particular, my last post): http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t= was wondering, has it ever been considered to allow users to register their own custom Authenticators?
Well, I've done some digging in the current code and it looks like you can't (without modifying Jetty) - though maybe when they have AOP working in Jetty you might.
What needs to happen is the ability to register your own Authenticators (org.mortbay.http.SecurityConstraint.Auththenticator). And then in org.mortbay.jetty.servlet.WebApplicationContext any registered custom Authenticators to be set for subsequent use.
This would then be against the J2EE specs of course.