Channel: SCN: Message List - Security

Re: Password Encryption


Hi Raj,

 

I can't comment on the PI part, as I do not know their coding. From the code snippet above and your statements, I would guess you are creating a JAAS logon module for an SAP NW Java or SAP Portal system. Applications there usually have a logon stack that consists of many modules. The default stack is called ticket most of the time. For details please check the docs.

 

There are a number of standard login modules available. One of them is called BasicPasswordLoginModule. For me it is not clear why you try to authenticate again at the same system (redirect to /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default).

The usual configuration for a logon stack on the AS Java is:

    EvaluateTicketLoginModule     SUFFICIENT
    BasicPasswordLoginModule      REQUISITE
    CreateTicketLoginModule       OPTIONAL

When adding additional checks (your own login module), you either replace the BasicPasswordLoginModule or you add your own login module in front of it.

If you want to do an additional redirect at the end of the stack for some reason (which I would not recommend, as this could also be done in the context of the application itself), this would be part of a login module added to the end of the module stack, so that everything else gets done before the redirect. In this case, all requests (including the redirect) will contain enough information, so that using the browser to again transport your password is no longer required.

 

However, this will not eliminate the fact that you may find the user's name and password in the browser's memory, as they are already there when the user logs in. So maybe I just did not get your use case.

 

Kind regards,

Patrick
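
The logon stack quoted in the post above, modelled as an added example that is not part of the original post and not SAP code. It assumes the standard JAAS control-flag semantics documented for `javax.security.auth.login.Configuration`; `MyCheckLoginModule`, its REQUISITE flag and all module outcomes are constructed for illustration.

```python
# Added example: models standard JAAS control-flag evaluation as documented
# for javax.security.auth.login.Configuration. No SAP API is called; the
# per-module outcomes below are constructed inputs.

def evaluate_stack(stack, outcomes):
    """stack: [(module, flag)]; outcomes: {module: bool}, missing = failure.
    Returns (authenticated, modules_invoked_in_order)."""
    invoked, mandatory_failed, any_success = [], False, False
    for module, flag in stack:
        ok = outcomes.get(module, False)
        invoked.append(module)
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE"):
            if not ok:
                mandatory_failed = True
                if flag == "REQUISITE":
                    break  # REQUISITE failure ends the stack immediately
        elif flag == "SUFFICIENT":
            if ok and not mandatory_failed:
                return True, invoked  # SUFFICIENT success ends the stack
        elif flag != "OPTIONAL":
            raise ValueError(f"unknown control flag: {flag}")
    return (any_success and not mandatory_failed), invoked

# The stack quoted in the post.
TICKET_STACK = [
    ("EvaluateTicketLoginModule", "SUFFICIENT"),
    ("BasicPasswordLoginModule", "REQUISITE"),
    ("CreateTicketLoginModule", "OPTIONAL"),
]
# Same stack with a custom module in front of the password module.
# "MyCheckLoginModule" and its REQUISITE flag are hypothetical.
CUSTOM_STACK = (TICKET_STACK[:1] + [("MyCheckLoginModule", "REQUISITE")]
                + TICKET_STACK[1:])

def scenarios():
    """Constructed cases: does logon succeed, and which modules ran?"""
    pw_ok = {"BasicPasswordLoginModule": True, "CreateTicketLoginModule": True}
    ticket = {"EvaluateTicketLoginModule": True}
    return {
        "valid ticket": evaluate_stack(TICKET_STACK, ticket),
        "no ticket, good password": evaluate_stack(TICKET_STACK, pw_ok),
        "no ticket, bad password": evaluate_stack(TICKET_STACK, {}),
        "custom check fails": evaluate_stack(CUSTOM_STACK, pw_ok),
        "custom stack, valid ticket": evaluate_stack(CUSTOM_STACK, ticket),
    }

if __name__ == "__main__":
    for name, (ok, invoked) in scenarios().items():
        print(f"{name}: authenticated={ok}, invoked={invoked}")
```

In the last case the custom module is never invoked: under these semantics a check placed behind the SUFFICIENT ticket module is not evaluated for requests that already carry a valid ticket.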

