We use Websphere for customer-facing web apps, and have apps that are secured, users need to log in.
One group in our organization has created an app on a Tomcat server. They want to keep this behind the firewall - they don't want to worry about putting it on the public network. They want to see if it's possible to use WebSphere as a kind of reverse proxy that also handles security. So when a user goes to a particular subdomain, they go through Websphere, and have to be authenticated, but the web app is really running somewhere else on Tomcat.