users@glassfish.java.net

Re: Set Principal in WEB Container upon custom Login

From: <glassfish_at_javadesktop.org>
Date: Thu, 04 Jun 2009 15:45:59 PDT

The only way to do that is through using the Glassfish proprietary ProgrammaticLogin API.

See: https://glassfish.dev.java.net/javaee5/api/com/sun/appserv/security/ProgrammaticLogin.html

However, doing so requires a Glassfish Realm to be used (that's what ProgrammaticLogin "logs in" against). In your case, since you already have a custom setup, you will likely have to create a custom security realm as well.

The other downside in this is that it requires a "password" in order to log in, which can obviously be quite problematic if you follow best practice and hash your user passwords (thus making them "unrecoverable").

In this case, you'll need to come up with something else that is valid as a "password" for your custom realm. This could be a signed token using a shared secret, or whatever you like.

But just note that the realm is NOT part of your application, but it is part of the SERVER that your application happens to be deployed to.

The process is doable, it works (we do it), but it's not necessarily intuitive or obvious, or trivial.
[Message sent by forum member 'whartung' (whartung)]

http://forums.java.net/jive/thread.jspa?messageID=349215
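
The "signed token using a shared secret" idea from the message above, as an added example that is not part of the original post and is not GlassFish code: the application issues a short-lived HMAC-signed value and passes it as the "password", and the custom realm recomputes the signature to check it. The class and method names (`LoginToken`, `issue`, `verify`), the token layout and the demo secret are assumptions; how the realm and the application come to share the secret is left out.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class LoginToken {                       // hypothetical helper
    private static final String ALG = "HmacSHA256";

    private static byte[] hmac(byte[] secret, String msg) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(secret, ALG));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Application side: build the value handed over as the "password".
    // The signature covers expiry and user name, so a token cannot be
    // reused for another account or past its lifetime.
    static String issue(byte[] secret, String user, long expiresAtMillis) throws Exception {
        byte[] sig = hmac(secret, expiresAtMillis + "\n" + user);
        return expiresAtMillis + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(sig);
    }

    // Realm side: accept only an unexpired token signed for this exact user.
    static boolean verify(byte[] secret, String user, String token, long nowMillis) {
        try {
            int dot = token.indexOf('.');
            if (dot <= 0) return false;
            long expires = Long.parseLong(token.substring(0, dot));
            if (nowMillis > expires) return false;
            byte[] given = Base64.getUrlDecoder().decode(token.substring(dot + 1));
            byte[] expected = hmac(secret, expires + "\n" + user);
            return MessageDigest.isEqual(expected, given);   // constant-time comparison
        } catch (Exception e) {
            return false;                                    // malformed token: reject
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret; a real one is random and kept out of source control.
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis();
        String token = issue(secret, "alice", now + 30_000);  // 30 s lifetime limits replay
        System.out.println("same user, in date: " + verify(secret, "alice", token, now));
        System.out.println("different user:     " + verify(secret, "bob", token, now));
        System.out.println("after expiry:       " + verify(secret, "alice", token, now + 60_000));
    }
}
```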