But I am not aware of these two API's and also that whether they support to core Java or not.
There is lots of information on the Web on these APIs. JAAS is more directly relevant to your problem.
JCA and JAAS APIs are part of Java SE class library.
So I have some final question which is,
Q1. Do I need to implement JAAS/JCA to make Authentication and Authorization secure?
Not necessarily. There are lots of other ways to implement authentication and authorization that do not involve JAAS or (directly) JCA.
Q2. OR any design pattern can solve my this Authentication and Authorization issue?
Erm ... no.
Q3. OR there can any other simpler way to do this?
There are lots of alternatives, especially if you are talking about securing a web-based service. Whether they are simpler depends on what your actual requirements are.