Implement Spring Security
title says it all
@piotr.gawron if it's not too complex, can you describe a) where access control is taking place (e.g. REST API, ...) and b) what your current security model is (e.g. Anonymous is default guest...I think).
If it's too much we can also discuss this offline.