The SWORD Authenticator don't support the special group infrastructure. We have a custom authentication method that retrieve group membership querying an external service (university staff database) but the getSpecialGroups method is not invoked by the SWORD authenticator so we are not able to grant submit permission to university staff "on the fly". A patch is attached, if no objection arise I can commit the patch in the next days.
Please note that the SWORD Authenticator invoke the getSpecialGroups method supplying a "null" http request so I have patched the out-of-box authentication methods to prevent NPE. The javadoc of the AuthenticationMethod interface already allow the request parameter to be null