Rails app acting as gateway + wrapper?

I am currently developing a semi large application and am piecing
together various smaller web applications to decrease development
time. Some of the smaller applications are running on a tomcat
server.

The idea is that the RoR application will handle authentication,
permissions, and various other management tasks. The RoR application
should also wrap around the tomcat application. I know this can be
accomplished using an iframe, but there is still the problem of
protecting the tomcat app. And using an HTTP library (so that tomcat
data is sent to the RoR gateway, then the RoR gateway forwards data to
client) would introduce too much complexity (imo), as there will be
ajax involved.

Can anyone provide me with some pointers on how to get rails to
intercept and then authorize requests to other non-rails applications
(within the same domain!) based on a user's given permissions to an
application, page, and/or parameter(s)?

Example:

             (2) RoR gateway app
              /
(1) nginx
              \
              (3) tomcat

(1) Request to myapp:80/java_app/jsp_page
(2) nginx forwards request to RoR gateway app, which validates the
user has permission.
(3) RoR grants access to /java_app/jsp_page, tomcat page is now
*magically* displayed within the rails gateway app (in an iframe?
other options?)

Appreciate your help.