I think this post is not really BDC related but I will provide some input here anyway.
What you are trying to do is a cross-platform single sign-on infrastructure so that when a user logs in once, he has a 'token' that is trusted by other applications so that he doesn't have to log in anymore.
This is one way that I can think of:
Use the Membership and Role Database that comes with .NET Framework 2.0. The whole scenario is a bit complicated and depends on your particular situation. In general, you create a 'master application name' in the 'application' table and you create all your users/passwords from all applications in the 'membership' table, referencing the 'applicationid' of the 'master application'. Then you create an 'application name' for each application in the 'application' table. You can then assign users and their roles for each application in the 'roles' table. So when a user logs in, he is authenticated once in the 'master application'. You can then use the role table to pull out his roles. If he doesn't have a role, he has no access to that application.
In order to get a token that every application trusts, you need to implement SAML + STS (Secure Access Markup Language + Secure Token Service). A user actually is authenticated against this service to get a Token. When the user tries to access an application, he sends along this token. Since the application trusts the token, authentication is not needed. But the application can use the token information to pull out role information from the roles table to determine access level.
If your Java application also supports SAML, then the application can get the token and use it to get information from AD, so single sign-on is achieved.
I suppose all this can be done using .NET Framework 3.0 (WCF) but I have not done anything yet.
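As an added example, not code from the original post, here is a small Python model of the scheme described above: one master application that owns the credentials, per-application roles, an STS-like issuer that hands out a signed token after the master login, and an application that trusts the token for identity but uses its own roles to decide access. The table names are a simplified stand-in for the .NET 2.0 aspnet_* membership tables (an assumption, not the real schema), HMAC-SHA256 stands in for the XML signature a real SAML STS would produce, and the applications, users and passwords are constructed sample data.

```python
import base64, hashlib, hmac, json, os, sqlite3, time, uuid

# Constructed schema: a simplified stand-in for the aspnet_* tables (assumption).
SCHEMA = """
CREATE TABLE applications (application_id TEXT PRIMARY KEY, application_name TEXT NOT NULL UNIQUE);
CREATE TABLE users (user_id TEXT PRIMARY KEY, application_id TEXT NOT NULL REFERENCES applications,
                    user_name TEXT NOT NULL, UNIQUE (application_id, user_name));
CREATE TABLE membership (user_id TEXT PRIMARY KEY REFERENCES users,
                         password_salt BLOB NOT NULL, password_hash BLOB NOT NULL);
CREATE TABLE roles (role_id TEXT PRIMARY KEY, application_id TEXT NOT NULL REFERENCES applications,
                    role_name TEXT NOT NULL, UNIQUE (application_id, role_name));
CREATE TABLE users_in_roles (user_id TEXT NOT NULL REFERENCES users,
                             role_id TEXT NOT NULL REFERENCES roles, PRIMARY KEY (user_id, role_id));
"""
MASTER = "MasterApp"  # the single application that owns credentials (assumed name)


def app_id(conn, name):
    row = conn.execute("SELECT application_id FROM applications WHERE application_name = ?", (name,)).fetchone()
    return row[0] if row else None


def add_application(conn, name):
    conn.execute("INSERT INTO applications VALUES (?, ?)", (str(uuid.uuid4()), name))


def add_user(conn, user_name, password):
    """Credentials are stored once, under the master application only."""
    user_id, salt = str(uuid.uuid4()), os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user_id, app_id(conn, MASTER), user_name))
    conn.execute("INSERT INTO membership VALUES (?, ?, ?)", (user_id, salt, digest))
    return user_id


def grant_role(conn, user_id, application, role_name):
    """Roles belong to the individual application; the user row stays under the master app."""
    aid = app_id(conn, application)
    row = conn.execute("SELECT role_id FROM roles WHERE application_id = ? AND role_name = ?", (aid, role_name)).fetchone()
    role_id = row[0] if row else str(uuid.uuid4())
    if row is None:
        conn.execute("INSERT INTO roles VALUES (?, ?, ?)", (role_id, aid, role_name))
    conn.execute("INSERT INTO users_in_roles VALUES (?, ?)", (user_id, role_id))


def authenticate(conn, user_name, password):
    """Check the password against the master application; return user_id or None."""
    row = conn.execute(
        "SELECT u.user_id, m.password_salt, m.password_hash FROM users u JOIN membership m "
        "ON m.user_id = u.user_id WHERE u.application_id = ? AND u.user_name = ?",
        (app_id(conn, MASTER), user_name)).fetchone()
    if row is None:
        return None
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), row[1], 100_000)
    return row[0] if hmac.compare_digest(digest, row[2]) else None


def b64(data): return base64.urlsafe_b64encode(data).decode().rstrip("=")
def unb64(text): return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, user_name, audience, key, ttl=300, now=None):
    """STS side: after a master login, sign claims for one audience (application).
    HMAC-SHA256 stands in for the XML signature of a real SAML assertion."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "name": user_name, "aud": audience, "iat": now, "exp": now + ttl}
    body = b64(json.dumps(claims, separators=(",", ":")).encode())
    return body + "." + b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def verify_token(token, key, audience, now=None):
    """Application side: check signature, audience and expiry; return claims or None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(key, body.encode(), hashlib.sha256).digest(), unb64(sig)):
        return None
    claims = json.loads(unb64(body))
    now = int(time.time()) if now is None else now
    if claims.get("aud") != audience or not claims.get("exp", 0) > now:
        return None
    return claims


def roles_for(conn, user_id, application):
    rows = conn.execute(
        "SELECT r.role_name FROM users_in_roles ur JOIN roles r ON r.role_id = ur.role_id "
        "WHERE ur.user_id = ? AND r.application_id = ? ORDER BY r.role_name",
        (user_id, app_id(conn, application))).fetchall()
    return [r[0] for r in rows]


def authorize(conn, token, key, application, now=None):
    """Trust the token for identity, then decide access from this application's own
    roles: a valid token with no role here still means no access (None)."""
    claims = verify_token(token, key, application, now)
    if claims is None:
        return None
    return roles_for(conn, claims["sub"], application) or None


def build_demo():
    """Constructed sample data: one master app, two relying apps, two users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for name in (MASTER, "Intranet", "HR"):
        add_application(conn, name)
    alice, bob = add_user(conn, "alice", "correct horse battery staple"), add_user(conn, "bob", "hunter2")
    grant_role(conn, alice, "Intranet", "Reader")
    grant_role(conn, alice, "HR", "Manager")
    grant_role(conn, bob, "Intranet", "Reader")
    return conn


if __name__ == "__main__":
    conn, key = build_demo(), os.urandom(32)
    tok = issue_token(authenticate(conn, "alice", "correct horse battery staple"), "alice", "HR", key)
    print("HR roles for alice:", authorize(conn, tok, key, "HR"))
```

The two checks a relying application must never skip are the ones `verify_token` performs before any database lookup: the signature (so only the STS can mint tokens) and the audience plus expiry (so a token issued for one application cannot be replayed against another or forever). Only after that does the application consult its own roles table, which is the point of the master-application layout: authentication happens once, authorization stays local to each application.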