Options:
 * integrate with existing security
 * use Spring Security