If by authenticate user, you mean to check if the user is a valid bpm user then that can be achieved. A valid bpm user is one which has been added as part of the User Group Call Back.
But the login authentication I believe is something not done by jBPM.