As an end user, I want to authenticate inside a Java application which is registered with the IAM Server, using Java SE SASL supported protocols: PLAIN, EXTERNAL (ceritficate-based), DIGEST_MD5, OTP, and GSSAPI(Kerberos 5). Once authenticated, I want to access the functionality of the app to which my role is authorized.

Notes: For example, if I am in a role "Marketing Manager", I should be able to access all protected APIs (via corresponding Resource Server) which are accessible to "Marketing Managers".