I've done it at least!
I've been a mod_md5 fanatic since 2001: it is a light apache
module distributed open source by http://www.frogdot.org/, it performs a
cookie based form authentication.
Apache does cookie verification and delegates to a servlet/jsp container
the actual identity check.
I think it's quite effective since both http server and application
server share the same authentication.
If you don't want to integrate/extend the app server authentication in
ordedr to provide the correct cookie generation mechanism you can simply
delegate it back to apache setting tomcatAuthentication="false" in your
server.xml configuration file.