You can use Basic Auth. Base64-encode your username:password and send it in the Authorization field of the request header. Then, on the server, decode and authenticate for every request. If a resource should be available without authentication, use @PermitAll. Otherwise use @RolesAllowed({"role1","role2"}).
You can get the field from the request header like so:
request.getHeaderValue("Authorization");
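
The server-side step described above (decode the header, then authenticate), as an added example that is not part of the original answer. The class name and the hard-coded demo credential are assumptions; the string passed to authenticate() is what request.getHeaderValue("Authorization") returns.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Constructed demo credential (assumption); a real service checks a user store holding password hashes.
    private static final String DEMO_USER = "alice";
    private static final String DEMO_PASS = "s3cret:with:colons";

    /** Returns {user, password} parsed from the header value, or null if it is absent or malformed. */
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // split on the FIRST colon: the password may contain ':'
        if (colon <= 0) return null;   // no separator or empty user name
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    /** Constant-time comparison so the check does not leak how many leading bytes matched. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    static boolean authenticate(String header) {
        String[] cred = parse(header);
        // Evaluate both comparisons (non-short-circuit &) before deciding.
        return cred != null && (same(cred[0], DEMO_USER) & same(cred[1], DEMO_PASS));
    }

    public static void main(String[] args) {
        // Base64 is an encoding, not encryption: accept this header only over HTTPS.
        String good = "Basic " + Base64.getEncoder()
                .encodeToString((DEMO_USER + ":" + DEMO_PASS).getBytes(StandardCharsets.UTF_8));
        System.out.println(authenticate(good));               // valid credentials
        System.out.println(authenticate("Basic !!notb64!!")); // malformed Base64
        System.out.println(authenticate("Bearer abc"));       // wrong scheme
        System.out.println(authenticate(null));               // header missing
    }
}
```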