Implement ACL in GAE + GWT

I want to create a Google App Enginge + GWT application that implements Access Control Lists (ACL) for resource management etc. Just a standard non-authenticated user/basic user/manager user/admin type thing. The user's account/user type would then determine their access to certain functionality in the web application.

The only decent example I have been able to find so far requires integrating Spring Security into the mix (Spring Security in Google App Engine/), but as the tutorial mentions that it uses Spring MVC, I wonder if this is appropriate or should I look for an MVP approach?

Are there any good books/tutorials/open source projects that can provide a clear exa开发者_JS百科mple of how to achieve ACL in a GAE +GWT application (specifically Java based solutions)?

Spring Security is a very solid security framework; it does not require any coupling with Spring MVC, and it should be fully compatible with GAE/GWT. I have not used it with GWT per se, but I've integrated it into a bunch of different apps, some with non-Spring MVC frameworks, others which did not even use a web MVC. It has a little bit of a learning curve but is very well-documented and proven.