when jsr 196 is configured for a Servlet application, the jsr 196 configuration
must be applied when HttpServletRequest#authenticate is called.
In that case, a call to HttpServletRequest#login must throw an exception since
the configured authentication mechanism may not be password based.
the servlet profile must also define what happens when
HttpServletRequest#logout is called