HttpServletRequest.getAuthType returns "Programatic" if login/logout methods are used.

Javadoc says:

one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH (suitable for == comparison) or the container-specific string indicating the authentication scheme, or null if the request was not authenticated.

"Programatic" is not one of the expected values.