It should be possible to use Elytron Web without Jakarta Authentication, even the Undertow Servlet integration that we may want to use stand alone has a hard dependency on Jakarta Authentication:

https://github.com/wildfly-security/elytron-web/blob/4.x/undertow-servlet/src/main/java/org/wildfly/elytron/web/undertow/server/servlet/ServletSecurityContextImpl.java#L40-L46

Generally we perform a check "should this be handled by jakarta authenticaion", if so we let it take over - otherwise we continue. We may be able to factor out the check and taking over to an optional dependency, maybe even moved to the elytron-ee implementation.