Google App Engine (Java) web service authentication/authorization/security

I currently have a Google App Engine app consisting of two parts:

A website using old school JSPs A RESTful service implem开发者_开发百科ented in Jersey

I've been trying to figure out how to shoehorn authentication into the web service but am rather lost since I've never used Spring before, and it sounds like that's the way to go.

Must I use Spring, or can I use Java EE? Are there any examples of how to accomplish this with Google App Engine?

Also, if I can get a high level description of some best practices for securing web services, that would be cool.

Thanks Mark

app engine has built in OAuth support, which should do what you want.

I recomend you use apache shiro instead of spring because performance more over if you haven't got experience with spring. Apache shiro is a security framework and it could be integrated with GAE. You also can find a example in githubhow integrate the framework in GAE with Guice library. Anyway for use Spring in GAE you also can find same best practice on Google Cloud Platform documentation