The standard way of doing this is by using Realms (http://docs.oracle.com/javaee/6/tutorial/doc/bnbxj.html).
This will provide you both the authentication mechanisms and the authorisation ones, with nice annotations to easily decorate your service classes.
Another top-notch contender is Spring Security (http://projects.spring.io/spring-security/). I would not recommend that if you plan to go plain-Java EE though.