Layer Level security in Mapfish application

Hi All

I need to be able to only allow certain users access to specific layers in my Mapfish application.  I've configured layer level security - and this works perfectly in the Geoserver admin interface etc.  To authenticate the user in Mapfish for each layer, I used the mode=MIXED directive in layer.properties.  IE works fine - it opens a prompt for username and password etc.  Fierefox (v3.011), however pops up hundreds of these prompts (supposedly as each AJAX request for a tile reaches the server).  So I thought about approaching it a different way - providing a login box for the user that would then authenticate against geoserver setting the URL in the Ext XHR to '/geoserver/j_acegi_security_check'.   This seems to work i.t.o. authenticating the user - in firebug, the server returns '/geoserver/admin/login.do?login_error=1' with and incorrect username and password and '/geoserver' with a correct combination.  However, I am (either way) unable to trap the 200 OK response (i.e. success:true) from the server.  

After this long story, I have some questions:
1. could you create a REST service that handles the authentication and sends the success:true response?
2. if this is possible - how would you do it?
3. I've read a bit about acegi and LDAP - has anybody come right with using this in combo with Geoserver?
4. In front of my Mapfish application I have a Wordpress site - could I use Wordpress's php/mysql authentication and apply it to Geoserver i.t.o. layer level authentication?

Any help would be greatly appreciated - I'm kinda a newbie to authentication mechanisms - maybe someone can point me in the right direction i.t.o. understanding how this stuff works?

Thanks.
Regards,
Glenn