Web Application Security and Client Authentication
Consider the following implementation of a web app and client, which uses Spring/Hibernate for the web app. The application container is Tomcat.
Web App 1 (Primary), Web App 2, Web App 3
Web App 1, 2 and 3 expose services that talk JSON.
The client is a normal browser; say there are 3 clients:
Client 1, Client 2, Client 3
The requirement of the application is that only the 3 clients should be able to access Web App 1, 2 and 3. Any request from any client other than the above three should be rejected by the server. Clients 1, 2 and 3 will first access Web App 1 and subsequently Web App 2 and 3.
What mechanism should I use to implement the restriction/security mentioned above (like client certification, security configuration, etc.)?
Spring Security seems to have the answers to my situation and it provides a variety of options with which the solution can be implemented.