Vaardin + Security + Tomcat question

Hi, I am a newbie to Vaardin. I am coming from GWT and I think this framework will help me code faster.

I am developing a web application and I am wondering what is the best strategy regarding security (i.e., for login, page access and application server itself). This application will operate on Tomcat.

Tomcat offers realms. Javax offers security annotations. Has anyone successfully used these in a Vaardin application to protect access to web pages (or code)? Is this the right way to go? If not, what is the recommended strategy regarding security?

Thanks !!!