I wonder if we should have some generic HttpServlet based adapter? It
can be used for all the servlet containers, where we don't have proper
adapter. We can create just HttpServletFilter and after the
authentication, send forward the wrapped HttpServletRequest with few
overriden methods (getRemoteUser, isUserInRole, logout, ...).
The disadvantage is that it's not tightly coupled with the container
security (propagation to EJB etc) and security-constraints in web.xml
won't work, so we will need to use something different (init-parameters
in the filter maybe). I know we have proxy, but maybe this will fit even
better for some environments?