In keeping up with the policy of not being explicit in the manner of questions - here's a GENERIC question on the login mechanism
Let's assume that I have a Java application deployed on my INTERNAL network that connects through RMI-IIOP to the application server (again on my INTERNAL netwrok) behind the corporate firewall. My Web Server is in the DMZ zone. The internal application connects to the application server. The users of the internal application are the agents of the company.
Why do you need a login mechanism on the internal network ? All you would need are the crdentials of the user for auditing or for role determination.
Do you need a sophisticated login mechanism at all ?