Authentication and authorization frameworks for java GUI applications

around this issue I usually roll my own, since the .NET Framework is pretty full-featured in this regard, but you might try the MS Authorization and Profile Application Block.

wish helps you I found one. It's a JSR-196 implementation. Here's the link describing how to plugin OpenId4j to it: http://www-02.imixs.com/roller/ralphsjavablog/entry/openid_serverauthmodule_jsr_196_with But it's GlassFish oriented. I don't know how good it is with other Java EE App servers

Any of those help Just check how others are doing this, for example in this article: Authentication on Facebook.
In general the idea is that there is a separate API call that the client calls in order to authenticate itself to the system. The system may accept any client or only from a list of registered clients. Once the system verifies the client, it issues a special token that the client is then using in all API calls. In Facebook documentation it's called Access token. If the client tries to call an API without a valid token the system reports this as an error and in certain conditions may block the client.

I wish did fix the issue. There is no difference between single and multi page applications in terms of authentication/authorization. If you are using Forms Authentication, Windows Authentication or yet another method of authentication/authorization, you still use it when moving to single page application architecture.
In both cases, an application sends requests to the server to access resources. Multi page applications request pages. Single page applications request data from web services. Resources that need to be protected are protected, usually using built-in mechanisms.