Servlet 3.0 added some new methods to HtppServletRequest that should be helpful to you.
see authenticate, login, and logout.
logout was defined so that you can do username password collection in your app, and pass them on to the container for validation. authenticate allows you to decide when a container mediated newtork authentication is to occur, and logout. lets you reset the authenticate state, without invalidating the current session.
[Message sent by forum member 'monzillo' (ronald.monzillo_at_sun.com)]
http://forums.java.net/jive/thread.jspa?messageID=385508